Sonatype CLM Server - Application Composition Report
The important thing to remember about the Security Issues tab is that information displayed there is related specifically to security vulnerabilities data that has been collected by Sonatype. This data however, is separate from policy violations, which are based on policies that you have created (or imported), and are displayed on the Policy tab. That is, you could certainly have a situation where there is a security vulnerability, and no policy violation. Because of this, it is important to treat them independently.
The way components are displayed is actually quite different as well. In the Security Issues tab, only those components with a security vulnerability are displayed. The data provided for each component is broken into several columns:
- Threat Level
- Problem Code
- Component
- Status
By default the list of components with security vulnerabilities is organized by threat level. This helps you isolate the most critical issues you need to address. However, you may notice that components in this list are repeated. This is because a component may have more than one security vulnerability, and those vulnerabilities in fact may have different scores, thus different threat levels.
To sort the list, simply click the corresponding header. For example, if we wanted to sort by components, finding a component with multiple vulnerabilities, we would simply click on the Components column. Additionally, you can search for a specific component by typing in the search field located directly below each header.
![[Note]](images/icons/note.png){kind=icon}
|
|
|
You might have noticed the status column, and the big blue Edit button. It is used for changing the Status of a security vulnerability for a component selected in the list. |