Investigate and Remediate Vulnerabilities
Last updated
Was this helpful?
Last updated
Was this helpful?
Protect Your Project from Vulnerabilities
LFX Security identifies vulnerabilities in your project code and helps you fix them with automated updates and patches. Here's how it works:
Vulnerability Detection: LFX Security scans your repositories, maps dependencies, and correlates them with a vulnerability database.
Investigate and Remediate: For each vulnerability, you can investigate the issue details and remediate it by:
Upgrading to a vulnerability-free version of the package
Applying a patch to fix the vulnerability
Removing the dependency if the risk is too high
By addressing vulnerabilities, you can prevent data damage, protect your project, and ensure the security of your developers.
Issues tab provides a list with all the issues related to the project. The issue list provides information such as repository name, open issues, type of issues such as critical, high, medium and low. You can also see the complete details related to a issue.
To view issues, perform the following:
Select Issues from the top menu. The dashboard shows all vulnerabilities with their details, and total number of open and fixed issues. By default, only Open status issues appear—use the filter to show Fixed issues.
2. You can search for a particular repository using the Repositories drop-down list. You can select the required repositories and check the issues and their details.
3.You can view the total number of open and fixed issues for a repository by clicking the View Details.
4. You can see the Open issues related to the repository. You can also refine the issues based on the priority such as Critical, High, Medium and Low.
Details about the issue, and when possible, a remediation and references to the corresponding PR, issue, CWE, CVE, or GHSA record, and so on.
Read the details and decide how you want to fix the vulnerability, for example, by applying a Snyk patch
You should have the necessary permission to dismiss the issue. With out necessary permissions, the eye icon will not be available to dismiss issue.
6.You can also click a CWE-# link , CVE-# link, or GHSA link to read a description, references, and so on, about the vulnerability. The Common Weakness Enumeration website or Common Vulnerabilities and Exposures website or GitHub Advisory Database shows an identifier and details for the vulnerability by an identifier.
7. Investigate the vulnerabilities by opening the provided links to go directly to various websites for specific information about the vulnerability. For example:
Click a GitHub PR link, a GitHub Commit, and then a GitHub Issue link to learn more about the corresponding pull request, commit, and issue, respectively.
You have an option to download the CSV file that contains issues related to your repository. The downloaded CSV file contains information such as:
Repository ID
Snyk ID
Status
Remediation
Severity
Disclosure and Publication time
Along with the above listed information, it also contains other generic information.
You can download the issues related to all repositories or for the selected repositories and for the required date range.
To download the issues CSV file, perform the following:
1.Select Issues from the top menu.
5.Click the icon to see more details and to investigate the vulnerabilities. You can check the following details related to vulnerabilities:
You can use the icon to dismiss the vulnerability. You can dismiss the vulnerability incase if you feel the issue cannot be fixed, if the issue is minor or you do not want to fix the issue.
2.From the Issues banner, click the icon. The exports.csv file will be downloaded. You can check all the information related to the repository issues in the downloaded file.
