
Applications Overview

Beta feature

Code Security Applications is currently in beta for select Lacework customers. Contact your Lacework Representative for more information.

The Applications Overview page is the default for SCA scanning in the Lacework Console. After you integrate a repository with Lacework, we will scan and monitor your repositories for SCA vulnerabilities. To enable or disable scanning capabilities, go to your Organization Settings.

If you have SCA scanning enabled, your Applications Overview page is populated with a high-level overview of your scan results.

Top Application Vulnerabilities

Vulnerabilities by Age and Severity

The Vulnerabilities by Age and Severity chart shows how long vulnerabilities have existed in your organization, with a visual breakdown by severity. Hover over the chart for additional information about a specific point. Within each age range, vulnerabilities are stacked from highest severity to lowest. For example, hovering over the end of the Critical segment in the 0-14 day range shows about 12 critical vulnerabilities in the Git org.

Top Repos by Vulnerabilities

The Top Repos by Vulnerabilities chart displays your integrated repositories ordered from the greatest number of vulnerabilities to the least, with a visual breakdown of severity in each bar. For example, the lacework-example repository has the greatest number of vulnerabilities in the Git org. Hover over the lacework-example bar to see the exact figures: 160 total vulnerabilities, about 13 of them Critical. The same bar shows that most of the repository's vulnerabilities are High severity, followed by Medium, and then Critical.

Top 3rd Party Vulnerabilities by Severity

If you have SCA scanning enabled, the Top 3rd Party Vulnerabilities by Severity table is populated with vulnerabilities found in your Git organization. The results are sorted by severity (highest first); within the same severity, the vulnerability with more instances comes first. For example, CVE-2022-42003 and CVE-2023-34455 are both High severity, but CVE-2022-42003 has 418 instances compared to 352, so CVE-2022-42003 is listed first. Click any column header to change the default sorting.

The table data includes:

  • Vulnerability Name - The name or identifier of a vulnerability.
  • Library Name - The component in which the vulnerability originates.
  • Severity - The severity assigned by Lacework.
  • CVSS Score - The severity score assigned by the Common Vulnerability Scoring System (CVSS).
  • NVD Score - The severity score assigned by the National Vulnerability Database (NVD).
  • Instances - The number of times a vulnerability is found in your Git Org.
  • First seen - The date a vulnerability was introduced into your Git Org.

Click a table row or vulnerability name for more information about that vulnerability.

Vulnerabilities Over Time

The Vulnerabilities Over Time line graph tracks the number of vulnerabilities found in your Git org over time. This lets you see the vulnerability count at a given date and identify abnormal activity, such as a sudden spike. For example, if one week you have only a handful of vulnerabilities, the next week you have 522, and you know that a software component was updated between the two, that component is the first thing to investigate.

Percentage of Vulnerabilities to Lines of Code

The Percentage of Vulnerabilities to Lines of Code line graph gives you further insight into the security posture of your Git org. In general, a lower percentage indicates a better security posture, because there are fewer vulnerabilities per line of code. If you add code without adding new vulnerable components, the percentage falls; if it rises as code is added, you have most likely introduced more vulnerabilities than the new code accounts for. Read the metric alongside the absolute counts above: a large import of vendored or generated code lowers the percentage without fixing a single vulnerability.
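The aggregations behind these widgets (age-and-severity buckets, per-repository totals, the severity-then-instances ordering of the third-party table, and the vulnerability-to-lines-of-code percentage) are straightforward to reproduce from a list of findings. The following Python is an added example, not Lacework code and not the format of any Lacework export: the `Finding` record, the bucket widths, the `EXAMPLE-000n` identifiers, the library and repository names and all counts are constructed for illustration, and the example also shows why the percentage must be read next to the absolute counts.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date

# Ranking used to order severities; the labels are the ones the page uses.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}
# Age buckets in days: inclusive lower bound, exclusive upper bound (widths assumed).
AGE_BUCKETS = [(0, 15, "0-14"), (15, 31, "15-30"), (31, 91, "31-90"), (91, None, "90+")]


@dataclass(frozen=True)
class Finding:
    """One occurrence of a vulnerability in one repository (constructed record shape)."""
    vuln_id: str      # vulnerability name or identifier
    library: str      # component in which the vulnerability originates
    severity: str     # severity label
    repo: str         # integrated repository the finding was made in
    first_seen: date  # date this occurrence was first detected


def age_bucket(first_seen: date, today: date) -> str:
    """Label the age range a finding falls into, by days since it was first seen."""
    age = (today - first_seen).days
    for lo, hi, label in AGE_BUCKETS:
        if age >= lo and (hi is None or age < hi):
            return label
    raise ValueError(f"first_seen {first_seen} is after today {today}")


def by_age_and_severity(findings, today):
    """Counts per age bucket and severity: the data behind the age/severity chart."""
    counts = defaultdict(Counter)
    for f in findings:
        counts[age_bucket(f.first_seen, today)][f.severity] += 1
    return {bucket: dict(c) for bucket, c in counts.items()}


def top_repos(findings, limit=5):
    """Repositories ordered by total findings, most first, each with a severity breakdown."""
    per_repo = defaultdict(Counter)
    for f in findings:
        per_repo[f.repo][f.severity] += 1
    ranked = sorted(per_repo.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(repo, sum(c.values()), dict(c)) for repo, c in ranked[:limit]]


def top_third_party(findings):
    """Distinct vulnerabilities sorted by severity (highest first), then by instance count.

    Instances counts every occurrence across repositories; first_seen is the earliest.
    """
    rows = {}
    for f in findings:
        row = rows.setdefault(f.vuln_id, {"library": f.library, "severity": f.severity,
                                          "instances": 0, "first_seen": f.first_seen})
        row["instances"] += 1
        row["first_seen"] = min(row["first_seen"], f.first_seen)
    return sorted(rows.items(),
                  key=lambda kv: (-SEVERITY_RANK[kv[1]["severity"]],
                                  -kv[1]["instances"], kv[0]))


def vuln_to_loc_percent(findings, lines_of_code):
    """Vulnerabilities as a percentage of lines of code; lower generally means better posture."""
    if lines_of_code <= 0:
        raise ValueError("lines_of_code must be positive")
    return 100.0 * len(findings) / lines_of_code


# Constructed sample findings; identifiers, libraries, repos and dates are placeholders.
TODAY = date(2024, 6, 30)
SAMPLE = [
    Finding("EXAMPLE-0001", "lib-a", "High", "lacework-example", date(2024, 6, 20)),
    Finding("EXAMPLE-0001", "lib-a", "High", "lacework-example", date(2024, 6, 25)),
    Finding("EXAMPLE-0001", "lib-a", "High", "other-service", date(2024, 5, 1)),
    Finding("EXAMPLE-0002", "lib-b", "High", "lacework-example", date(2024, 6, 1)),
    Finding("EXAMPLE-0002", "lib-b", "High", "other-service", date(2024, 3, 1)),
    Finding("EXAMPLE-0003", "lib-c", "Critical", "lacework-example", date(2024, 6, 28)),
    Finding("EXAMPLE-0004", "lib-d", "Medium", "other-service", date(2024, 6, 29)),
]

if __name__ == "__main__":
    print(by_age_and_severity(SAMPLE, TODAY))
    print(top_repos(SAMPLE))
    for vuln_id, row in top_third_party(SAMPLE):
        print(vuln_id, row["severity"], row["instances"], row["first_seen"])
    # Same findings, twice the code: the percentage halves although nothing was fixed.
    print(vuln_to_loc_percent(SAMPLE, 10_000), vuln_to_loc_percent(SAMPLE, 20_000))
```

With the sample data, EXAMPLE-0001 and EXAMPLE-0002 are both High, so the one with three instances is listed before the one with two, and the single Critical entry comes before both. The last line of the demo is the caveat from the paragraph above in numbers: doubling the line count halves the percentage with the vulnerability count unchanged.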