
Applications Repositories

Beta feature

Code Security Applications is currently in beta for select Lacework customers. Contact your Lacework Representative for more information.

The Applications Repositories page displays an overview section as well as a list of the integrated repositories with application scanning enabled. Use the search bar at the top of the page to search and filter your repositories.

Overview

The overview section of the Applications Repositories page features a Top repos by 3rd party severity chart. This chart visually breaks down the vulnerabilities found in each repository within your Git Org by severity, ordering the repositories from the greatest number of highest-severity vulnerabilities down to the lowest.

To estimate the number of critical vulnerabilities for a given repo, for example, hover over the repo's corresponding bar at the dividing line between Critical and High severity.

Repositories

The list of repositories provides the repository URL and path as well as a Repo summary, Default branch summary, and a visual breakdown of the number of vulnerabilities found and their severity. By default, the list is sorted by severity. Therefore, the repository with the greatest number of Critical vulnerabilities is displayed first. Use the Sort by dropdown to change this behavior.

For more information about a repository, click the corresponding table row to view the Repository Details.

Repo Summary

Below the URL/path of the repository is the repo summary. The repo summary provides additional information about the specific repository such as how many branches the repo has, who the contributors are, and the date and time of the last scan.

Default Branch Summary

To the right of the repo summary is the default branch summary. The default branch summary provides additional information about the main or default branch of the repository, such as the number of vulnerabilities the latest scan found, the average CVSS and NVD scores for those vulnerabilities, and the number of vulnerabilities at each severity.

Repository Details

By default, the repository details focuses on your repository's default branch. To select a different branch, click the repository URL in the path above the search and filter field or click View all branches. You can use the search and filter field to pinpoint specific vulnerabilities or libraries.

Selected Branch Details

For the selected branch, additional information and a breakdown of vulnerabilities is displayed. The following information is available for each branch:

  • Git org - The integrated Git org in which this repository/branch resides.
  • Repository - The repository in which this branch resides. Typically, the Git URL/path is provided here.
  • Branch - The name of the selected branch. Click View all branches to view other branches in the repository and change the selected branch.
  • Last scanned - The date and time of the last SCA scan.
  • Commit - The commit ID that was last scanned by Lacework.

Vulnerabilities by Severity

The Vulnerabilities by severity chart summarizes the number of vulnerabilities found at each severity in the specified branch scan.

Vulnerabilities

Below the branch details section is a table of the vulnerabilities found in the specified repository branch. You can use the search and filter options at the top of the page to update the vulnerabilities displayed. Additionally, you can click a column header to update the table's Sort by option.

For each vulnerability, the following data is provided in the table:

  • Vulnerability Name - The name or identifier of a vulnerability.
  • Library - The component or code library in which the vulnerability originates.
  • Severity - The severity assigned by Lacework.
  • CVSS Score - The severity score assigned by the Common Vulnerability Scoring System (CVSS).
  • NVD Score - The severity score assigned by the National Vulnerability Database (NVD).
  • Instances - The number of times a vulnerability is found in your specified branch.
  • Version - The version number of a component in which the vulnerability was found.
  • Fix Version - The version number of a component in which the vulnerability is expected to be fixed.
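The Default Branch Summary above is derived from the per-vulnerability rows described in this table, and the repository list is ordered by those per-severity counts. The following Python script is an added example, not Lacework code and not an API the product exposes: it models the table columns as a small data structure, computes a branch summary (total, average CVSS and NVD scores, count per severity) from constructed scan rows, and sorts repositories so the one with the most Critical vulnerabilities comes first, with ties broken by the next severity down. The class and function names, and the sample rows, are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional

# Severity ladder used for sorting; highest severity first. Assumed ordering
# for this example, matching the column descriptions in the table above.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]


@dataclass
class Vulnerability:
    """One row of the Vulnerabilities table (hypothetical model, not a Lacework type)."""
    name: str
    library: str
    severity: str
    cvss_score: float
    nvd_score: float
    instances: int
    version: str
    fix_version: Optional[str]  # None when no fixed release is known yet


def branch_summary(vulns: List[Vulnerability]) -> Dict:
    """Build the Default Branch Summary fields from the scan's vulnerability rows."""
    by_severity = {s: 0 for s in SEVERITY_ORDER}
    for v in vulns:
        if v.severity not in by_severity:
            raise ValueError(f"unknown severity {v.severity!r} for {v.name}")
        by_severity[v.severity] += 1
    return {
        "total": len(vulns),
        "avg_cvss": round(mean(v.cvss_score for v in vulns), 2) if vulns else 0.0,
        "avg_nvd": round(mean(v.nvd_score for v in vulns), 2) if vulns else 0.0,
        "by_severity": by_severity,
        # Rows with a Fix Version are the ones an upgrade can resolve today.
        "fixable": sum(1 for v in vulns if v.fix_version is not None),
    }


def severity_sort_key(summary: Dict):
    """Sort key: most Critical first, then most High, and so on down the ladder."""
    return tuple(-summary["by_severity"][s] for s in SEVERITY_ORDER)


def sort_repos_by_severity(repos: Dict[str, List[Vulnerability]]) -> List[str]:
    """Return repository paths ordered the way the default 'Sort by severity' would."""
    summaries = {path: branch_summary(vulns) for path, vulns in repos.items()}
    return sorted(summaries, key=lambda p: severity_sort_key(summaries[p]))


# Constructed sample scan results for two repositories (not real findings).
SAMPLE_REPOS = {
    "example-org/api-service": [
        Vulnerability("EXAMPLE-0001", "libfoo", "Critical", 9.8, 9.8, 2, "1.0.0", "1.0.1"),
        Vulnerability("EXAMPLE-0002", "libbar", "Low", 3.1, 3.3, 1, "2.4.0", None),
    ],
    "example-org/web-frontend": [
        Vulnerability("EXAMPLE-0003", "libbaz", "High", 7.5, 7.5, 1, "0.9.0", "0.9.2"),
        Vulnerability("EXAMPLE-0004", "libqux", "High", 8.1, 8.1, 3, "4.2.0", "4.3.0"),
        Vulnerability("EXAMPLE-0005", "libfoo", "Medium", 5.3, 5.3, 1, "1.0.0", "1.0.1"),
    ],
}


if __name__ == "__main__":
    for path in sort_repos_by_severity(SAMPLE_REPOS):
        s = branch_summary(SAMPLE_REPOS[path])
        print(f"{path}: total={s['total']} avg_cvss={s['avg_cvss']} "
              f"avg_nvd={s['avg_nvd']} fixable={s['fixable']} {s['by_severity']}")
```

Note that the frontend repository has more vulnerabilities in total (3 versus 2) but still sorts second, because the ordering is by the count at the highest severity first; that is the same reason the overview chart and the repository list can disagree with a plain total count.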