Versions Compared

Old Version 39

changes.mady.by.user Michelle Friedman

Saved on

compared with

New Version Current

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Overview

For customers moving from the previous model of (library-based only) alerting to the new Security Alerts: View By Vulnerability, this page describes the changes encountered.

DISCLAIMER: Support for the library-based alerts data model will end on April 4th, 2022.

GUI Changes

Reports

The following changes have been implemented to the Reports functionality: 

...

Ignored Alerts Report

...

The Security panel has undergone name changes in some of its inner panels. 

...

Removed, and the Status column has been incorporated into the Licensing & Compliance Alerts and Security Alerts: View by Vulnerability.

NOTE: Bulk actions of ignored/activated will be done only on items on which the action can be executed.

...

Ignoring an alert now implements all its operations in the same screen (without moving the user to other screens).

Dashboard

The following changes have been implemented to the dashboards:

...

  • Clicking on the Per-Library Alerts panel launches Security Alerts: View by Library
  • Clicking on Per-Vulnerability Alerts panel launches Security Alerts: View by Vulnerability.
  • Vulnerability Analysis pie chart:
    • Adjustments to text
    • The count is now per vulnerability (not library)
    • In Prioritize, grey shields will not be displayed (as they indicate libraries, not vulnerabilities)

...

  • Open Security Vulnerabilities (Occurrences) - Clicking the panel launches Security Alerts: View by Vulnerability.
  • Average Remediation vs. Handling Time - Clicking the panel launches Security Alerts: View by Vulnerability.
  • Newly Published Security Vulnerabilities - Clicking the panel launches Security Alerts: View by Vulnerability.

Alert Emails

The following changes have been implemented for status updates containing new alerts emails:

  • The section titles in email notifications have been changed from Security Library to Library Security Vulnerabilities.
  • In each Library Security Vulnerabilities section, next to the library name, the total count of security vulnerabilities for the library is displayed.
  • In each Library Security Vulnerabilities section, each vulnerability is displayed in a separate row along with its reported severity.

Prioritize

Grey shields are removed for displays that focus on vulnerabilities.

Policies

Grey shields (for customers with installations of Prioritize) are removed for displays that focus on vulnerabilities.

Library Details 

The name of the Alerts panel has been changed, and its content now contains the Home dashboard categories for a library (those in Policy, Library, and Security).

API Changes

Modified APIs

The following is a list of APIs that have undergone changes if Vulnerability-based Alerting is enabled:

  • getOrganizationAlerts
  • getProductAlerts
  • getProjectAlerts
  • getOrganizationAlertsByType
  • getProductAlertsByType
  • getProjectAlertsByType
  • getOrganizationIgnoredAlerts
  • getProductIgnoredAlerts
  • getProjectIgnoredAlerts

The changes are as follows:

  • Previously, in the responses, the alert UUID was the same for all vulnerabilities related to the same library name. After enabling this feature, the alert UUID is unique per CVE and therefore different for all the vulnerabilities related to the same library.
  • A new element has been added (sourceFiles) to the API response in case there is a relation between a CVE and a source file.
  • The following fields were added to the responses of the APIs: getAlerts, getAlertsByProjectTag, getProjectAlertByType in all the scopes (project/product/organization):
    • Modified Date
    • Alert Status
    • Comment

New APIs 

The following is a list of new APIs that are only available to organizations if Vulnerability-based Alerting is installed:

APIs for generating security alerts reports, detailed by vulnerability 

  • getOrganizationSecurityAlertsByVulnerabilityReport
  • getProductSecurityAlertsByVulnerabilityReport
  • getProjectSecurityAlertsByVulnerabilityReport

APIs for generating security alerts reports, detailed by library

  • getOrganizationSecurityAlertsByLibraryReport
  • getProductSecurityAlertsByLibraryReport
  • getProjectSecurityAlertsByLibraryReport

APIs for generating license and compliance alerts reports

  • getOrganizationLicenseAndComplianceAlertReport
  • getProductLicenseAndComplianceAlertReport
  • getProjectLicenseAndComplianceAlertReport

For more details on these API calls, please refer to the API v1.3 documentation: HTTP API v1.3#Vulnerability-basedAlerts

Removed APIs 

Additionally, the following is a list of APIs that are not available to organizations if Vulnerability-based Alerting is installed:

  • getOrganizationAlertsReport
  • getProductAlertsReport
  • getProjectAlertsReport
  • getOrganizationIgnoredAlertsReport
  • getProductIgnoredAlertsReport
  • getProjectIgnoredAlertsReport
  • getOrganizationResolvedAlertsReport
  • getProductResolvedAlertsReport
  • getProjectResolvedAlertsReport
Info

Changes in the APIs do not cause any backward compatibility issues.

Unaffected APIs

For the remaining APIs that have not been affected by the transition to Vulnerability-based Alerting, see the following:

NOTE: In case there is a relation between a CVE and a source file, the following elements will be added to the API response:

...

This page is available at: https://docs.mend.io/bundle/sca_user_guide/page/vulnerability-based_alerts.html