...

  • Component-based library (e.g., '*.tgz', '*.jar'): The vulnerable library appears first, after the heading that indicates the name of the issue.

    It includes the following information:
    • Vulnerable library: Includes the path of the library. If the path belongs to a transitive dependency, only the path of the root library is relevant to you.
    • Commit link: Includes the path to the GitHub commit in which the vulnerability was found.
    • Vulnerability details: Description of the vulnerability, its published date, and a link to the specific CVE on the CVE website.
    • CVSS 3 score: Basic CVSS 3 score matrix. If this score is not available, the CVSS 2 score matrix is displayed instead.
    • Suggested fix for the vulnerability: A detailed suggestion that includes type, origin, release date, and fix resolution. Note that a fix may not always be available.
  • Source-file-based component: The vulnerable library appears as the first item in the list.

    It includes the following information:
    • Vulnerable library: Includes a comment that indicates the possibility of a false origin recognition, and a list of all the source files of this library.
    • Vulnerability details: Description of the vulnerability, its published date, and a link to the specific CVE on the CVE website.
    • CVSS 3 score: Basic CVSS 3 score matrix. If this score is not available, the CVSS 2 score matrix is displayed instead.
    • Suggested fix for the vulnerability: A detailed suggestion that includes type, origin, release date, and fix resolution. Note that a fix may not always be available.
    • Commit link: Includes the path to the GitHub commit in which the vulnerability was found.

...

  • Severity: Overall score of the severity (High, Medium or Low).
  • CVSS Score 
  • CVE: A link to the related CVE page for the vulnerability.
  • GitHub Issue: A link to the WhiteSource issue that was generated for the vulnerability. For example, the following is an issue that was generated for the first vulnerability of the report on the above screenshot: 
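The report fields described above (library path with the root-library rule for transitive dependencies, CVSS 3 score with CVSS 2 fallback, fix availability, and the High/Medium/Low severity) can be turned into a small triage routine. The following is an added example written for this page, not WhiteSource code and not the format of the generated GitHub issue: the `ReportEntry` field names, the `root > dependency` path notation, the severity thresholds (taken from the common CVSS qualitative bands) and the sample records with placeholder CVE IDs are all constructed for illustration.

```python
"""Triage helper for vulnerability report entries of the kind described above.

Added example; field names, path notation, thresholds and sample data are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ReportEntry:
    library: str                 # vulnerable library as named in the report
    dependency_path: str         # assumed notation: "root.jar > transitive.jar"
    cve: str                     # placeholder IDs in the sample below
    cvss3: Optional[float]       # None when no CVSS 3 score was published
    cvss2: Optional[float]       # None when no CVSS 2 score was published
    fix_available: bool          # the report notes a fix may not exist


def effective_score(entry: ReportEntry) -> Optional[float]:
    """CVSS 3 when present, otherwise CVSS 2, mirroring the report's fallback."""
    return entry.cvss3 if entry.cvss3 is not None else entry.cvss2


def severity(score: Optional[float]) -> str:
    """Map a score to High/Medium/Low. Thresholds are an assumption (CVSS bands)."""
    if score is None:
        return "Unknown"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def root_library(entry: ReportEntry) -> str:
    """For a transitive dependency only the root library's path is actionable."""
    return entry.dependency_path.split(">")[0].strip()


def triage(entries: List[ReportEntry]) -> List[dict]:
    """Return one row per entry, highest effective score first, unscored last."""
    rows = []
    for e in entries:
        score = effective_score(e)
        rows.append({
            "root": root_library(e),
            "library": e.library,
            "cve": e.cve,
            "score": score,
            "severity": severity(score),
            "fix_available": e.fix_available,
        })
    rows.sort(key=lambda r: (r["score"] is None, -(r["score"] or 0.0), r["root"]))
    return rows


def unfixable_roots(entries: List[ReportEntry]) -> List[str]:
    """Root libraries carrying at least one finding with no fix available (sorted)."""
    return sorted({root_library(e) for e in entries if not e.fix_available})


# Constructed sample records; CVE IDs are placeholders, not real identifiers.
SAMPLE = [
    ReportEntry("commons-lib.jar", "app-root.jar > commons-lib.jar", "CVE-0000-0001", 9.8, 7.5, True),
    ReportEntry("old-parser.jar", "old-parser.jar", "CVE-0000-0002", None, 5.0, False),
    ReportEntry("util.tgz", "web-root.tgz > util.tgz", "CVE-0000-0003", 4.3, 4.3, True),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"{row['severity']:<7} {row['score']}  {row['root']}  ({row['cve']}, fix={row['fix_available']})")
    print("roots with unfixable findings:", unfixable_roots(SAMPLE))
```

The sort key places entries without any score last so that a missing score is never mistaken for a low one, and `root_library` implements the rule that for a transitive dependency only the root library is the one you act on.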

...