# Investigate and Remediate Vulnerabilities

**Protect Your Project from Vulnerabilities**

LFX Security identifies vulnerabilities in your project code and helps you fix them with automated updates and patches. Here's how it works:

1. **Vulnerability Detection**: LFX Security scans your repositories, maps dependencies, and correlates them with a vulnerability database.
2. **Investigate and Remediate**: For each vulnerability, you can investigate the issue details and remediate it by:
   * Upgrading to a vulnerability-free version of the package
   * Applying a patch to fix the vulnerability
   * Removing the dependency if the risk is too high

By addressing vulnerabilities, you can prevent data damage, protect your project, and ensure the security of your developers.

## **View Issues**

The **Issues** tab lists all the issues related to the project. The list shows information such as the repository name, the number of open issues, and the type of issue: critical, high, medium, or low. You can also see the complete details of an issue.

To view issues, perform the following:

1. Select **Issues** from the top menu.\
   The dashboard shows all vulnerabilities with their details, and the total number of open and fixed issues. By default, only issues with Open status appear; use the filter to show Fixed issues.

![Issues](/files/wo83BF43pLZ3xWhngxfn)

2\. You can search for a particular repository using the Repositories drop-down list. You can select the required repositories and check the issues and their details.

![Search Issues](/files/tzHGQUDjV5eeUlS7trAx)

3\. You can view the total number of open and fixed issues for a repository by clicking **View Details**.

![View Details](/files/mHXDwIlTFLNviOwpLbuw)

4\. You can see the Open issues related to the repository. You can also refine the issues based on the priority such as Critical, High, Medium and Low.

![Open Issues](/files/CVl9bC66TBE9mze3H76A)

5\. Click the ![](/files/-MFYF5naiYEtATZGPh_h) icon to see more details and to investigate the vulnerabilities. You can check the following details related to vulnerabilities:

* Details about the issue, and when possible, a remediation and references to the corresponding PR, issue, CWE, CVE, or GHSA record, and so on.
* Read the details and decide how you want to fix the vulnerability, for example, by applying a Snyk patch.

![Vulnerability Details](/files/-MFYFnlW8c8fluK1XBjx)

{% hint style="warning" %}
You can use the ![](/files/-MfH4dnlh-5QVMmtfDmf) icon to dismiss the vulnerability. You can dismiss a vulnerability if you feel the issue cannot be fixed, if the issue is minor, or if you do not want to fix it.

You must have the necessary permission to dismiss an issue. Without the necessary permissions, the eye icon is not available.
{% endhint %}

6\. You can also click a CWE-# link, CVE-# link, or GHSA link to read a description, references, and so on, about the vulnerability. The [Common Weakness Enumeration website](https://cwe.mitre.org), [Common Vulnerabilities and Exposures website](https://cve.mitre.org), or [GitHub Advisory Database](https://github.com/advisories) shows the details of the vulnerability for that identifier.

![CVE, CWE and GHSA](/files/iAbqFTJ4roVWO2ezhMcI)

7\. Investigate the vulnerabilities by opening the provided links to go directly to various websites for specific information about the vulnerability. For example:

* Click a **GitHub PR** link, a **GitHub Commit**, and then a **GitHub Issue** link to learn more about the corresponding pull request, commit, and issue, respectively.

![GitHub Links](/files/-MFjwjz4rwvg9vkeqy5s)

### Download Issues

You have an option to download the CSV file that contains issues related to your repository. The downloaded CSV file contains information such as:

* Repository ID
* Snyk ID
* Status
* Remediation
* Severity
* Disclosure and Publication time

Along with the above listed information, it also contains other generic information.

You can download the issues related to all repositories or for the selected repositories and for the required date range.

To download the issues CSV file, perform the following:

1. Select **Issues** from the top menu.

2. From the Issues banner, click the ![](/files/-MIZNtT8SlUCDvSfLCq5) icon. The exports.csv file is downloaded. You can check all the information related to the repository issues in the downloaded file.

![Download Issues](/files/cwGotpGcRWy2oMq9YaXb)
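
Once downloaded, exports.csv can feed a per-repository triage queue. The following is an added example, not LFX Security code: the column headers in the constants are assumptions (this page lists the fields but not the exact header text), and the sample rows and `SAMPLE_NOW` are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Assumed column headers; check them against the first row of your exports.csv.
COL_REPO, COL_ID, COL_STATUS = "Repository ID", "Snyk ID", "Status"
COL_FIX, COL_SEV, COL_DISCLOSED = "Remediation", "Severity", "Disclosure Time"
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample rows, not real LFX Security output.
SAMPLE_EXPORT = """\
Repository ID,Snyk ID,Status,Remediation,Severity,Disclosure Time
repo-a,SNYK-EXAMPLE-0001,Open,Upgrade to 2.1.0,High,2024-01-10T00:00:00Z
repo-a,SNYK-EXAMPLE-0002,Fixed,Upgrade to 1.4.2,Critical,2023-11-02T00:00:00Z
repo-b,SNYK-EXAMPLE-0003,Open,,Critical,2024-03-05T00:00:00Z
repo-b,SNYK-EXAMPLE-0004,Open,Patch available,Low,2022-06-20T00:00:00Z
repo-b,SNYK-EXAMPLE-0005,open,Upgrade to 3.0.1,Unknown,not-a-date
"""
SAMPLE_NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)  # constructed "today"

def triage(csv_text, now):
    """Return open issues per repository, most severe and oldest first."""
    queue = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[COL_STATUS].strip().lower() != "open":
            continue  # fixed issues need no action
        try:
            disclosed = datetime.fromisoformat(row[COL_DISCLOSED].replace("Z", "+00:00"))
            age_days = (now - disclosed).days
        except ValueError:
            age_days = None  # keep the row; an unparsable date must not hide an issue
        queue[row[COL_REPO]].append({
            "id": row[COL_ID],
            "severity": row[COL_SEV].strip().lower(),
            "age_days": age_days,
            "has_fix": bool(row[COL_FIX].strip()),
        })
    for issues in queue.values():
        # Unknown severities sort last; within a severity, oldest disclosure first.
        issues.sort(key=lambda i: (SEVERITY_ORDER.get(i["severity"], 99), -(i["age_days"] or 0)))
    return dict(queue)

if __name__ == "__main__":
    for repo, issues in triage(SAMPLE_EXPORT, SAMPLE_NOW).items():
        for i in issues:
            print(repo, i["severity"], i["id"], i["age_days"], "fix" if i["has_fix"] else "no fix")
```

Open issues with `has_fix` set are the ones an upgrade or patch can close immediately; those without a listed remediation are the candidates for removing the dependency or dismissing the issue.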


