
...

  • Vulnerable library: Includes the path to the dependency file and the path of the library. If the path is of a transitive dependency, then only the path information of the root library is displayed. This section also contains a commit link, which includes the path to the commit link where the vulnerability was found. NOTE: The originating branch of the vulnerability is also displayed if the baseBranches configuration was used.

  • Vulnerability details: Description of vulnerability, published date, and link to the vulnerability source website.

  • CVSS 3 score: Basic CVSS3 score metrics. If this score is not available then the CVSS 2 score is displayed.

  • Suggested fix: A detailed suggestion that includes type, origin, release date, and fix resolution. Note that a fix may not always be available.

  • Automatic Remediation is available for this issue - (NOTE: Supported from version 19.9.1.1 in self-managed integrations) Part of WhiteSource Remediate. Displayed only when automatic remediation is available for the issue, and when the issue does not contain more than a single component.

  • Check this box to open an automated fix PR/MR - (NOTE: Supported from version 20.2.2 in self-managed integrations) Provides the ability to generate fix PR/MRs on demand without defining workflow rules in advance. This checkbox is displayed only if automatic remediation is available for the issue and no workflow rules have been added yet for the repository. Note that after clicking the checkbox, WhiteSource Remediate immediately generates a fix PR/MR to remediate the given issue.

...

  • Vulnerable library: Includes a description of the vulnerable source library, a link to the source library home page, a commit link, and the path to the commit link where the vulnerability was found. NOTE: The originating branch of the vulnerability is also displayed if the baseBranches configuration was used.

  • Library Source Files: A list of source files found in the vulnerability source library.

  • Vulnerability Details: Description of vulnerability, published date, and link to the vulnerability source website. 

  • CVSS 3 score: Basic CVSS3 score metrics. If this score is not available then the CVSS 2 score is displayed.

  • Suggested fix: A detailed suggestion that includes type, origin, release date, and fix resolution. Note that a fix may not always be available.

...

Selecting a specific IaC violation type issue displays its details (NOTE: Only supported in WhiteSource for GitHub.com):

  • Violation detected in file: Includes details of the affected configuration file containing an IaC violation. It also includes the line numbers affected inside the file.

  • File Type: The type of configuration file. NOTE: Only Terraform configuration files are currently supported.

  • Details: Additional information regarding the IaC violation.