Reviewing Security Issues
We’ve updated our global, project, and release group Issues view to improve experience and functionality. This is the central inbox for all issues across all projects or all issues within a specific project.
From the main Issues tab, you can navigate to your Security Issues.
In this article, you learn about filtering and sorting options. As well as, bulk actions you can take to address the identified issues.
You can refer to Creating Tickets and Ignoring Issues for more information on completing bulk actions.
Regardless of the type of issue you are reviewing, all issues are automatically filtered into two tabs:
- Active - All issues that require additional attention
- Ignored - Issues that have been reviewed and ignored
You now have the ability to use filters to refine your search.
|Direct||Filter issues that are direct dependencies.|
|Transitive||Filter issues that are transitive dependencies.|
|Ticketed||Filter issues that already have a ticket associated.|
|Not Ticketed||Filter issues that have no associated tickets.|
|Critical||Filter Security issues that have CVSS score 9-10|
|High||Filter Security issues that have CVSS score 7-8.9|
|Medium||Filter Security issues that have CVSS score 4-6.9|
|Low||Filter Security issues that have CVSS score 0.1-3.9|
|Unknown||Filter Security issues that do not have a CVSS score|
|Has Fix||Filter Security issues that have either a Partial or Complete fix|
|No Fix||Filter Security issues that do not currently have a known safe version|
Partial Fix - Nearest update to fix the selected CVE. This fix may not resolve all vulnerabilities.
Complete Fix - Nearest update to fix all vulnerabilities found on this dependency
Please see auto-ignored section for more details
|Manual||An issue ignored manually by the user|
|Auto-ignored||An issue ignored via "auto-ignore in all versions"|
You can select Reset all filters to remove existing filters at any time to display all identified issues.
Depending on the number of issues that are listed in your central inbox, it is helpful to sort issues based on specific criteria to support your remediation process. You can sort Issues based on:
- When the Issue was found by FOSSA (newest to oldest or oldest to newest)
- The package name (ascending or descending alphabetical order)
- The severity of the listed issue (highest to lowest or lowest to highest)
You can initiate actions by selecting the checkbox next to any issue, giving you access to the action menu.
Available actions will depend on product type (licensing, security, quality), issue status (active, ignored), issue scope (global, release group, project), and action type (individual, bulk). Please see the table below for a detailed breakdown.
|Action||Description||Action type(s)||Product type(s)||Issue status||Issue scope(s)|
|Ignore (in current versions only)||Ignore the selected issue(s) for the current semantic version of the affected package. Doing so will ignore in only the selected, affected project(s).|
A new project revision containing any other semantic version of the package will generate a new active issue.
|individual, bulk||licensing, security, quality||active||global, release group, project|
|Ignore (Auto-ignore in all versions)||only available for individual project issues|
Ignore the detected issue for all semantic versions of the affected package. Doing so will ignore in only the selected, affected project.
Doing so will only apply to the selected issue type (Denied/Flagged license or a CVE)
A new project revision containing any other semantic version of the package will be auto-ignored. Please see the auto-ignored section for full details.
|Create ticket||Create a ticket (JIRA) containing all selected issues. Please see Creating a Jira Ticket for full usage and configuration details.|
Doing so with a previously ticketed issue(s) selected will link to the new ticket only.
|individual, bulk||licensing, security, quality||active, ignored||global, release group, project|
|Unlink ticket||Remove the association between the selected issue(s) and any linked tickets.||individual, bulk||licensing, security, quality||active, ignored||global, release group, project|
|Download CSV||Download a csv containing all selected issues scoped by issue status(active or ignored)||individual, bulk||licensing, security, quality||active, ignored||global, release group, project|
|Unignore||Change selected issue(s) status from ignored to active.|
Note doing so will not end any existing auto-ignore rules. Please see the auto-ignore section for more details on stopping auto-ignore rules.
|individual, bulk||licensing, security, quality||ignored||global, release group, project|
You can action more than one issue at a time across all affected projects by using the select all or checking the boxes of the applicable issues in the global issues view.
This functionality replaces the Resolve in All Projects option when ignoring an issue in a particular project and the issue is found in other projects.
By selecting the bulk action checkbox, it automatically selects all the issues listed on the page. To select all the applicable issues, you must click the Select all link that displays in green.
Updated about 1 month ago