Open Source Libraries Scan (SCA)

Modified on Wed, 11 Oct 2023 at 05:11 PM


Starting Scan

We can start an online scan by clicking the SCAN button at the top right.
We choose GitHub for this example.
Once clicked, pick a repo to scan. For demonstration purposes we take Vulnado.
We copy the repo's clone URL and paste it in.
Hit the green plus sign and scan.
The scan will start.
Once the online scan finishes we get a result like the following.
The picture above shows that we scanned a project named “vulnado-test”, which has our pom.xml (SCA JAVA) and other scans. Let’s dive into that.
Once you click on it you will be redirected to a page like the following,
which will contain the following information about your SCA scan:
  1) Project Scanned
     Name of the current project. In this case, vulnado-test.
  2) Scan Date
     The date and time at which the scan was performed.
  3) User’s Email
     Which user performed this scan; we show their email address.
  4) RuleId
     Which of our backend rules matched; we show its id.
  5) Vulnerable Dependency
     The vulnerable dependencies with their exact versions.
  6) Description of CVE
     More information about the vulnerability that the dependency has.
  7) Patch
     How to fix the issue.
  8) Filter Severity
     To filter your results based upon criticality.

Once the SCA scan is done, you can patch the vulnerable dependencies directly from the UI if Source Control (GitHub / GitLab / Bitbucket) is configured and you have access to that repo.
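To make the result fields listed above and the patch step concrete, here is an added example (not the product's own code) of the work an SCA scan does on a Maven pom.xml: parse the dependencies, match them against an advisory feed, emit findings carrying RuleId, vulnerable dependency and version, CVE description, patch version and severity, filter them by severity, and apply the version bump that the UI patch action performs. The sample pom.xml, the advisory entries, the `SCA-JAVA-…` rule ids and the `CVE-0000-…` ids are all constructed placeholders; nothing here is taken from Vulnado or from the scanner's real rule set.

```python
"""Minimal SCA pass over a Maven pom.xml (added example, not the scanner's code):
find vulnerable dependencies, report the article's result fields, filter, patch."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample pom.xml standing in for the scanned project.
# Coordinates and versions are illustrative, not taken from Vulnado.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>vulnado-test</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>example-parser</artifactId>
      <version>1.2.0</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>example-web</artifactId>
      <version>3.1.4</version>
    </dependency>
  </dependencies>
</project>
"""

# Constructed advisory feed standing in for the backend rule set.
# Rule ids and CVE ids are placeholders, not real identifiers.
ADVISORIES = [
    {"rule_id": "SCA-JAVA-0001", "group": "org.example", "artifact": "example-parser",
     "fixed_in": "1.2.5", "cve": "CVE-0000-0001 (placeholder)", "severity": "HIGH",
     "description": "Constructed: unsafe deserialization in versions before 1.2.5."},
    {"rule_id": "SCA-JAVA-0002", "group": "org.example", "artifact": "example-web",
     "fixed_in": "3.0.0", "cve": "CVE-0000-0002 (placeholder)", "severity": "MEDIUM",
     "description": "Constructed: header injection in versions before 3.0.0."},
]

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Finding:
    rule_id: str      # which backend rule matched
    dependency: str   # groupId:artifactId
    version: str      # exact version found in the pom
    cve: str          # advisory identifier
    description: str  # what the vulnerability is
    patch: str        # first non-vulnerable version to upgrade to
    severity: str


def version_key(version):
    """Numeric tuple for comparison; qualifiers such as -SNAPSHOT are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def parse_dependencies(pom_text):
    """Yield (groupId, artifactId, version) for every <dependency> with an explicit version."""
    root = ET.fromstring(pom_text)
    m = re.match(r"\{(.*)\}", root.tag)  # Maven poms declare a default namespace
    tag = (lambda t: "{%s}%s" % (m.group(1), t)) if m else (lambda t: t)
    for dep in root.iter(tag("dependency")):
        g, a, v = (dep.findtext(tag(x)) for x in ("groupId", "artifactId", "version"))
        if g and a and v:
            yield g.strip(), a.strip(), v.strip()


def scan(pom_text, advisories=ADVISORIES):
    """Match each dependency against the feed; a hit is any version below fixed_in."""
    findings = []
    for g, a, v in parse_dependencies(pom_text):
        for adv in advisories:
            if (g, a) == (adv["group"], adv["artifact"]) and version_key(v) < version_key(adv["fixed_in"]):
                findings.append(Finding(adv["rule_id"], f"{g}:{a}", v, adv["cve"],
                                        adv["description"], adv["fixed_in"], adv["severity"]))
    return findings


def filter_severity(findings, minimum):
    """The 'Filter Severity' control: keep findings at or above the chosen level."""
    return [f for f in findings if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minimum]]


def apply_patch(pom_text, finding):
    """Bump the vulnerable <version> to the patch version, as the UI patch action would.
    Assumes <version> directly follows <artifactId> inside the dependency element."""
    artifact = finding.dependency.split(":", 1)[1]
    pattern = re.compile(r"(<artifactId>\s*%s\s*</artifactId>\s*<version>)\s*%s\s*(</version>)"
                         % (re.escape(artifact), re.escape(finding.version)))
    patched, count = pattern.subn(r"\g<1>%s\2" % finding.patch, pom_text)
    if count != 1:
        raise ValueError("expected exactly one matching dependency, found %d" % count)
    return patched


if __name__ == "__main__":
    for f in filter_severity(scan(SAMPLE_POM), "LOW"):
        print(f"[{f.severity}] {f.rule_id} {f.dependency}@{f.version} {f.cve} -> upgrade to {f.patch}")
```

Running the file prints one HIGH finding for `example-parser` 1.2.0 and proposes 1.2.5 as the patch; `apply_patch` rewrites that version in the pom text, after which a second `scan` returns nothing. Real scanners compare against full affected-range data rather than a single `fixed_in` floor and resolve transitive dependencies from the build, which this deliberately small example does not do.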
