Overview

Explore the data and snapshots you can find on the Overview page in the tool.

Clicking Overview in the left-side menu takes you to a dashboard that gives a clear overview of all vulnerabilities found in your organization.

Filters

Repository or Branch

The data presented in the Overview can be filtered depending on your needs. The repository picker lets you select either a specific repository/branch or all your repositories together. When an individual repository is selected, a branch selector appears so you can narrow the data down further. The All repositories view sums the data from the default branch of every repository.

Except for GitLab users, it is not always possible to identify the default branch. For other users, the default branch is identified if it is named either master or main. An effort is still made to identify the default branch correctly: OpenText Core SCA looks for the branch with the most activity, on the assumption that, at least over time, this is the most interesting branch to look at.

Time period

The OpenText Core SCA API allows you to see data for any given interval. Keep in mind that for the period prior to the first snapshot, the data is padded with 0 values. Since snapshots older than a month are pruned, intervals beginning more than 30 days ago must have a two-week range.

Vulnerability graph

The main dashboard presents your organization’s historical data as a graph. It visualizes the total number of vulnerabilities in the selected repositories, grouped by severity. You can adjust the graph to your needs by changing the values in the repository/branch and time period pickers.

License risk widget

The bottom widget presents your current license compliance risks, grouped by risk level: critical, high, medium, low, and unknown. Keep in mind that this widget always shows current data and is unaffected by the time period picker. You can still customize it by changing the selected repository/branch.

Fixed vulnerabilities widget

The left-side widget presents information about your recently fixed vulnerabilities, including:

  • The total amount of fixed vulnerabilities.

  • The number of vulnerabilities fixed over the time period selected with the picker.

  • A graph visualizing your fixed vulnerabilities over a time period.

  • A sorted list of fixed vulnerabilities, with the most recently fixed shown at the top, along with their severity and the date they were fixed.

    • Click the name of the vulnerability to view the Vulnerability page.

    • Click the folder icon to open the repository where the vulnerability was found.

    • Click View More to view the complete list of fixed vulnerabilities in the currently selected scope.

You can also:

  • Search the list of fixed vulnerabilities.

  • Customize this widget by selecting the repository or branch and time period, using the filters.

Snapshots

In order to accurately represent data in the Overview, OpenText Core SCA periodically saves snapshots of the state of users' repositories. These snapshots contain the number of unknown-, low-, high-, and critical-severity vulnerabilities in a given repository. The severity is based on CVSS scores, with CVSS3 always taking precedence over CVSS2; a vulnerability without a CVSS score is assigned the unknown severity. The snapshots don’t record any other details about the vulnerabilities, only the quantity. They are created once per day and are updated upon each successful scan of a repository. Keep in mind that only the snapshots coupled to the branch(es) being scanned are updated.

Pruning

In order to limit the amount of data that has to be stored, OpenText Core SCA periodically prunes the snapshots. All Sunday snapshots are saved indefinitely, but snapshots taken on other days are only retained for one month. As a result, the resolution of the dashboard graph is drastically reduced for data older than one month.

Last updated 3 days ago