Skip to main content

Reviewing SCA results

It is possible to drill down the scan results page for a specific scan, which shows detailed info about the risks identified in that scan by the SCA scanner. You can also view scan results for specific vulnerable packages and risks. We will guide you through the SCA scan results and look at the Packages, Container, and Risks tabs in detail.

The Packages tab shows detailed information about the packages identified in your source code and their vulnerabilities.

The Container tab shows the container packages identified in your project and their vulnerabilities.

The Risks tab shows information about all of the risks associated with the open-source packages used by your project. It includes vulnerabilities such as CVEs, and supply chain risks such as malicious packages.

For more details, see Viewing SCA Results.

Packages

The Packages tab shows detailed information about the packages identified in your source code and the vulnerabilities found.

The Packages tab contains sub-tabs that show two types of pages:

  • The All Packages section shows a list of all packages that contain vulnerabilities identified by this scan.

  • The Package Details section shows detailed info about a specific package.

You can navigate between the various tabs that you have opened. In this video, we will guide you through the Packages tab.

For more details and instructions, please see the following articles.

Viewing SCA Results

Container

The Container section shows the container packages identified in your project and their vulnerabilities.

The Container tab contains two sub-tabs:

  • The Container Packages tab shows a list of all of the packages identified in the container images.

  • The Container Vulnerabilities tab shows a list of the vulnerabilities associated with the container packages.

In this video, we will guide you through the container tab.

For more details and instructions, please see the following articles.

Viewing SCA Results

Risks

The Risks tab shows information about the risks associated with the open-source packages used by your project, including vulnerabilities, like CVEs, and supply chain risks, such as malicious packages. The Risks tab contains sub-tabs that show two types of pages:

  • The All Risks section shows a list of Risks identified by this scan.

  • The Risk Details section shows detailed info about a specific Risk. You can access this section by clicking on a row in the All Risks tab to access this page.

You can navigate between the various tabs that you have opened. In this video, we will guide you through the Risks tab.

For more details and instructions, please see the following articles.

Viewing SCA Results