Vulnerabilities in project code can cause a range of problems for your project and the developers who use it. LFX Security shows vulnerabilities in your repositories and helps you to remediate risks with automated updates and patches.
For each repository, LFX Security maps the dependencies and correlates them with the vulnerability database. You can investigate and remediate certain types of vulnerabilities in your Git repository. For example, an injection vulnerability means your project does not guard against code being injected in your system to extract, damage, or destroy data. Investigate the issue details to find out how to remediate the vulnerability if possible.
If possible, address a vulnerability by upgrading to a vulnerability-free version of the package you are using. If you cannot upgrade, because no sufficient direct upgrade is available or because the upgrade includes breaking changes, another option is to apply a patch. A patch changes the locally installed package file to fix the vulnerability. If an upgrade or patch is unavailable, assess the issue and weigh risk against effort. If the risk is high, consider removing the dependency.
Issues tab provides a list with all the issues related to the project. The issue list provides information such as repository name, open issues, type of issues such as critical, high, medium and low. You can also see the complete details related to a issue.
To view issues, perform the following:
1.Select Issues from the top menu.
The dashboard shows all vulnerabilities with their details, and total number of open and fixed issues. By default, only Open status issues appear—use the filter to show Fixed issues.
2. You can search for a particular repository using the Repositories drop-down list. You can select the required repositories and check the issues and their details.
3.You can view the total number of open and fixed issues for a repository by clicking the View Details.
4. You can see the Open issues related to the repository. You can also refine the issues based on the priority such as Critical, High, Medium and Low.
icon to see more details and to investigate the vulnerabilities. You can check the following details related to vulnerabilities:
Details about the issue, and when possible, a remediation and references to the corresponding PR, issue, CWE, CVE, or GHSA record, and so on.
Read the details and decide how you want to fix the vulnerability, for example, by applying a Snyk patch
You can use the
icon to dismiss the vulnerability. You can dismiss the vulnerability incase if you feel the issue cannot be fixed, if the issue is minor or you do not want to fix the issue.
You should have the necessary permission to dismiss the issue. With out necessary permissions, the eye icon will not be available to dismiss issue.