Managing Security Vulnerability Alerts
Code Insight provides the ability to view and close security vulnerability alerts. When the Electronic Update or Library Refresh process runs, it generates an alert for each new security vulnerability that is associated with inventory. The alerts allow you to investigate the most recent vulnerabilities and their effect, if any, on your project code. Once you have addressed the vulnerability's impact, either by determining that the vulnerability poses no threat to your application or by performing the required remediation to remove the threat, you can close the alert.
An alert can be automatically closed when its associated security vulnerability is manually suppressed by a Code Insight System Administrator (globally or at the project level) or by a project’s Security Contact or Developer Contact (at the project level only). See Suppressing or Unsuppressing a Security Vulnerability at the Global Level for more information.
When the Electronic Update or Library Refresh generates security vulnerability alerts, an email notification is sent to the Project Contact of each project containing inventory impacted by the alerts. Additionally, remediation tasks can be automatically created for any affected inventory that is subsequently rejected, as dictated by a project’s policy profile and remediation options (see Updating Inventory Review and Remediation Settings for a Project).
Users can view the alerts for a given inventory item in a project in the Analysis Workbench, from the Project Inventory tab, or from the Inventory view.
Refer to these topics for more information: