Sonatype CLM Server - Application Composition Report
After clicking a component row to display the Component Information Panel (CIP), click the Edit Vulnerabilities section.
The left side of the panel lists all security vulnerabilities known for the component; if there are many, the list scrolls. The list is organized into four columns:
- Threat Level
- The threat level assigned to the security vulnerability by the data source from which it was obtained. This value is not related to any policy threat level.
- Problem Code
- The unique identifier of the security issue as assigned by the source (e.g. CVE-2000-5518). Its format depends on the source of the data.
- Information
- Sonatype provides information from public sources as well as from its own research team. Clicking the icon in the corresponding row displays the additional details available for the issue.
- Status
- The current status of the security issue, as set with the status drop down to the right. See below for how to change it.
To the right of the list of security vulnerabilities are the status drop down and a comments section. To change a status, select the new status from the drop down, select the vulnerabilities it should apply to, enter any associated comments, and click the Update button. Note that there is no fixed workflow: a vulnerability can be moved from any status to any other status at any time.
There are four statuses available:
- Open
- The default status. Indicates that no research has been done on the vulnerability.
- Acknowledged
- Indicates that the security vulnerability is under review.
- Not Applicable
- Indicates that research was conducted, and the particular vulnerability does not affect the application.
- Confirmed
- Indicates that research was conducted, and the security vulnerability has been determined to be valid and applicable to the application.