Security alerts let you review which vulnerabilities were detected in your projects' libraries. You can select the scope in which to view the alerts (the whole organization, a specific product, or a specific project), according to your role. You can also choose the time period for the alerts, for example, the last three months or six months.
At any given time, an alert is in one of three statuses: active, ignored, or resolved. By default, alerts are in the active status, meaning they appear in dashboards and reports. If, after analysis, you want the application to ignore an alert, you can mark it as ignored, and it will no longer appear in those screens. You can also reactivate ignored alerts, which returns them to the active status so that they re-appear in dashboards and reports.
When performing any manual change to an alert's status, you can add optional free-text comments (up to 255 characters) to log your changes with the relevant details for future reference. The comments will appear in the changelog report, and also when hovering over the alert’s status in the alerts screen.
If the application identifies changes that make alerts no longer relevant (for example, a library was upgraded to a newer version without the previous version's vulnerabilities), it changes the alerts' status to resolved. Note that you can use the alerts' statuses to better filter reports.
Most of your work will probably involve the Security Alerts: View By Vulnerability option as it enables a higher level of alerting granularity. However, if you prefer using the library scope, you can always use the Security Alerts: View By Library option.
To work with Security alerts, click the relevant link: