Components
Find Vulnerabilities For a Component
For scanned or inoculated applications, the user can click on the component name to open a window with detailed component information, including the open-source license identifier (e.g. Apache-2.0) and the original release date.
For source scans, the Component Detail view displays the version information, including the component age and release date. There are four tabs with more data: Risks, Suspicious Methods, Dependency Info, and Guidance.
How to Use MergeBase to Fix a Vulnerability
To set the Risk Status field, click the status of a CVE.
Select the status of your vulnerability from the Status dropdown and the reason for that status from the Justification dropdown, then add a short description of the reason for your selections. These fields populate the VEX analysis fields that are included in the SBOM + VEX report.
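Because the status, justification, and description end up in the report that downstream consumers rely on, it is worth checking an exported report for findings that were dismissed without a recorded reason. The following is an added example, not MergeBase code: it assumes the report is exported as CycloneDX JSON (the page does not state the format) and uses the CycloneDX `analysis.state`, `analysis.justification`, and `analysis.detail` fields. The function name `audit_vex`, the rule that dismissed findings need both a justification and a description, and the sample data are assumptions made for illustration.

```python
import json

# CycloneDX 1.4+ enum values for vulnerabilities[].analysis
STATES = {"resolved", "resolved_with_pedigree", "exploitable",
          "in_triage", "false_positive", "not_affected"}
JUSTIFICATIONS = {"code_not_present", "code_not_reachable",
                  "requires_configuration", "requires_dependency",
                  "requires_environment", "protected_by_compiler",
                  "protected_at_runtime", "protected_at_perimeter",
                  "protected_by_mitigating_control"}
# Assumed review policy: states that dismiss a finding need a recorded reason.
DISMISSING = {"not_affected", "false_positive"}

def audit_vex(doc):
    """Return a list of (vulnerability id, problem) for weak analysis entries."""
    findings = []
    for vuln in doc.get("vulnerabilities", []):
        vid = vuln.get("id", "<no id>")
        analysis = vuln.get("analysis") or {}
        state = analysis.get("state")
        just = analysis.get("justification")
        detail = (analysis.get("detail") or "").strip()
        if state is None:
            findings.append((vid, "no analysis state recorded"))
            continue
        if state not in STATES:
            findings.append((vid, f"unknown state {state!r}"))
            continue
        if just is not None and just not in JUSTIFICATIONS:
            findings.append((vid, f"unknown justification {just!r}"))
        if state in DISMISSING:
            if just is None:
                findings.append((vid, f"{state} without justification"))
            if not detail:
                findings.append((vid, f"{state} without description"))
    return findings

# Constructed sample report; the CVE ids are placeholders, not real findings.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.4", "vulnerabilities": [
 {"id": "CVE-0000-0001", "analysis": {"state": "not_affected",
   "justification": "code_not_reachable", "detail": "Vulnerable parser is never invoked."}},
 {"id": "CVE-0000-0002", "analysis": {"state": "not_affected"}},
 {"id": "CVE-0000-0003", "analysis": {"state": "in_triage"}},
 {"id": "CVE-0000-0004"}
]}
""")

if __name__ == "__main__":
    for vid, problem in audit_vex(SAMPLE):
        print(f"{vid}: {problem}")
```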