...

In addition, WhiteSource uses a proprietary patent-pending algorithm that matches the specific component with its vulnerability, resulting in a database that contains more than 175,000 vulnerabilities. These are collected on a daily basis from the National Vulnerability Database (NVD) and other resources and repositories such as RubyOnRails, RetireJS, NodeSecurity and GitHub issue tracker.

Vulnerability Types

There are two types of vulnerabilities:

...

The vulnerability identifier (Vulnerability ID) of either the CVE or WS type can be found in the Vulnerabilities Report and Security Alerts: View by Vulnerability screen.

Searching Libraries for CVEs and Vulnerabilities

This procedure describes how to perform a global search for CVEs and WhiteSource vulnerabilities in your libraries, for informative, analysis, or reporting purposes. 

Do as follows:

1. From any screen in the WhiteSource Application, click the search icon at the top. The Global Search dialog box is displayed.

2. Select Library or Vulnerability.

3. If you select Library, enter the library, and in Type, select the type from the drop-down list and then click Search.

4. If you select Vulnerability, enter the vulnerability's individual CVE number, and click Search. An informative popup displays one of the following options:

   • The vulnerability is found in your library. Click View to view general information about this vulnerability in the Security Vulnerability screen.

   • The vulnerability is known to WhiteSource but is not found in your library. Click View to view general information about this vulnerability in the Security Vulnerability screen.

   • The vulnerability is not known to WhiteSource, and therefore not found in your library. Click Report to report this vulnerability to WhiteSource for further analysis and for inclusion in its database of vulnerabilities.

Viewing and Utilizing Vulnerabilities Information

...