How do I see details about my projects?

  • 23 January 2023

In order to efficiently work with vulnerabilities in your repositories, you need an overview of all repositories you have along with the vulnerabilities affecting them. Debricked provides you with an overview of all your projects and their security status.

How do I see all of my repositories?

To get an overview of all your repositories, click on Repositories in the left side menu.

In this view, all your repositories are shown, sorted by default by the number of vulnerabilities, along with the following data:

  • Name: The name of the repository prepended with the name of the owner (if using integrations to e.g. GitHub)

  • Total indirect dependencies: The number of indirect dependencies that were imported transitively by the repository's direct dependencies

  • Total vulnerabilities: The total number of vulnerabilities found (including indirect dependencies)

  • Vulnerability priority: The total number of vulnerabilities where the CVSS score is critical or high

  • Review status: The number of vulnerabilities whose review status is set to vulnerable, unexamined, paused/snoozed, and unaffected, respectively

  • Total vulnerabilities with exploits: The total number of vulnerabilities that have at least one known exploit.
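The columns above are aggregates over the findings of each repository. The following is an added example, not Debricked's code, that computes those columns from a constructed scan result and sorts repositories the way the Repositories view does; the field names (cvss, review, exploits) and the CVSS v3 qualitative bands used for "critical or high" are assumptions.

```python
from collections import Counter

# Constructed sample data, not a Debricked export: one list of findings per
# repository. Field names (cvss, review, exploits) are assumptions.
SAMPLE_SCAN = {
    "acme/web": [
        {"id": "CVE-EXAMPLE-0001", "cvss": 9.8, "review": "vulnerable", "exploits": 2},
        {"id": "CVE-EXAMPLE-0002", "cvss": 7.5, "review": "unexamined", "exploits": 0},
        {"id": "CVE-EXAMPLE-0003", "cvss": 5.3, "review": "unaffected", "exploits": 0},
        {"id": "CVE-EXAMPLE-0004", "cvss": 8.1, "review": "paused/snoozed", "exploits": 1},
    ],
    "acme/api": [
        {"id": "CVE-EXAMPLE-0005", "cvss": 6.5, "review": "unexamined", "exploits": 0},
    ],
}

REVIEW_STATES = ("vulnerable", "unexamined", "paused/snoozed", "unaffected")


def severity(cvss):
    """Map a CVSS v3 base score to its qualitative rating."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0.0 else "none"


def repository_summary(findings):
    """Compute the overview columns for one repository (direct and indirect findings)."""
    by_review = Counter(f["review"] for f in findings)
    return {
        "total_vulnerabilities": len(findings),
        # "Vulnerability priority": findings rated critical or high
        "vulnerability_priority": sum(
            severity(f["cvss"]) in ("critical", "high") for f in findings
        ),
        "review_status": {s: by_review.get(s, 0) for s in REVIEW_STATES},
        "total_with_exploits": sum(f["exploits"] > 0 for f in findings),
    }


def repositories_overview(scan):
    """Rows for the Repositories view, sorted by vulnerability count, most first."""
    rows = [(name, repository_summary(findings)) for name, findings in scan.items()]
    return sorted(rows, key=lambda row: row[1]["total_vulnerabilities"], reverse=True)
```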


How do I see vulnerabilities in a specific repository?

To show all vulnerabilities in a specific repository, click on the repository name. This opens a view specific to that repository.

In this view, you get detailed information regarding the vulnerabilities discovered in your repository:

  • Name: The vulnerability name, which is usually a CVE identifier.

  • Discovered: The date at which the vulnerability was discovered in your code/repository.

  • CVSS: The CVSS score for this vulnerability.

  • Dependencies: The dependency in which the vulnerability was discovered.

  • Review status: Whether the vulnerability is known to be vulnerable, unaffected, or unexamined.

To see all commits related to this repository, or all related dependencies, click one of the tabs.


How do I see information about a specific vulnerability?

To get detailed information about a specific vulnerability in a repository, click on the vulnerability ID. In this view, we present links to advisories, such as NVD and GitHub, along with a summary of the severity.

Further down, we present where the vulnerability was introduced. We show the file(s) in which the vulnerability was found, and also through which dependencies it was introduced.

Under Vulnerable dependency, we show which versions are vulnerable and, if possible, which versions are safe.

At the bottom, we show the breakdown of the CVSS scores.

Finally, we present a list of external references where you may find information about remediations, patches, real-world exploits, as well as documentation from issue trackers.


How do I see all of the vulnerabilities across all projects?

To get an overview of all vulnerabilities found in all scanned repositories, click on Vulnerabilities in the left side menu.

This view is similar to the view for a specific repository, but here we include all vulnerabilities found in all your repositories.


How do I see all of my dependencies?

To get an overview of all imported dependencies, including indirect dependencies, click on Dependencies in the left side menu.

In this view, you are presented with a list of all dependencies found in all scanned repositories. It includes details such as:

  • Name: The name of the dependency

  • Total indirect dependencies: The number of indirect dependencies that were imported by the dependency

  • Total vulnerabilities: The total number of vulnerabilities found (including indirect dependencies)

  • Vulnerability priority: The total number of vulnerabilities where the CVSS score is critical or high

  • Review status: The number of vulnerabilities whose review status is set to vulnerable, unexamined, paused/snoozed, and unaffected, respectively

  • Licenses: Under what license this dependency is released

  • Health Scores: The Popularity score and the Contributor score of this dependency.


Symbols

The column Name contains additional symbols providing you with more information:

  • ? - for dependencies that we were not able to parse (see Levels of support)
  • ▼ - for direct dependencies that include indirect dependencies (see Direct/indirect dependencies)
  • dependency symbol - for indirect dependencies that are pulled in by a direct dependency
  • no symbol - for direct dependencies that don't include any indirect dependencies.


Direct/Indirect dependencies

You can use the ▼ button next to the name of the direct dependency to see its indirect dependencies. The indirect dependencies are marked with an icon in the Name column to make it easier for you to differentiate them. To expand all direct dependencies in the current page, click the Expand all/Collapse all toggle button at the top.


Search for dependencies

You can type the name of a package in the Search bar to search for a specific dependency (direct or indirect), or the name of a license to see all the dependencies released under that license.
