Dependency Check
supports dependency checks using a dashboard that displays checks, broken out by relevant categories dependency check is a critical element of your security assurance enables dependency checks tools to help you understand whether the dependency of each tool has been met to prevent security vulnerabilities dependency check indicates potential gaps in the operation of your tools that might be missing the latest security updates on the tool itself or other tools on which it depends dependency dashboard compositio selecting dependency check will open the dependency check dashboard displaying graphs representing the dependency severity chart under the following criteria dependency check by severity top critical technical services top critical components dependency check details dependency check by severity the graph data represents the total number of vulnerabilities aggregated according to day month timeline selection severities are classified into five categories critical, high, medium and low graph data supports the selection of the above drop down menu application & teams by default, it represents 180 days old data x axis ( duration ) the x axis corresponds to the months and dates from the time period selected to show data y axis ( total vulnerabilities ) the y axis corresponds to the number of vulnerabilities detected in the selected time period by hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected and the severity they belong to, as follows group the severity to which the vulnerabilities belong months/date the cut out date for the vulnerabilities detected total/value the total number of vulnerabilities detected by placing the cursor right above a bar, in alignment with the center of it, the following information is displayed critical total number of critical vulnerabilities represented by a dark red color high total number of high vulnerabilities represented by a red color medium total number of medium vulnerabilities represented by an yellow color low total number of low vulnerabilities represented by a green color top critical technical services and top critical components the top critical technical services chart represents top 5 technical services listed according to its criticality and, the top critical components chart represents top 5 components listed according to its criticality dependency check details the dependency check details table is a table that provides the latest dependency check executed enabling a detailed view of each technical service each row in the table displays information for a specific technical service, separated by columns of information type technical service the name of the micro technical service within the larger application application the name of the application, typically comprising multiple micro technical services vulnerabilities total number of vulnerabilities detected for a technical service critical total number of critical vulnerabilities detected for a technical service high total number of high vulnerabilities unassigned total number of unassigned checks vulnerability components total number of vulnerabilities components secure engine the security source tool configured first occurrence date of the first vulnerability occurrence last occurrence date of the last vulnerability occurrence the dependency check table also supports detailed views for each technical service to access details for a specific technical service, select the overflow menu located to the far right of the table and select view details dependency check table details when you select view details from a technical service from the table details, a new dialog appears with technical service details the following elements are displayed in this dialog the title devops operations two tabs that you can click on, with the option to toggle between ascending and descending alphanumeric order for most columns components and vulnerabilities components clicking the components tab displays component details in a tabular form and provides the following details for the technical service component version license risk score vulnerabilities vulnerabilities clicking the vulnerabilities tab displays vulnerabilities details in a tabular form and provides the following details for the technical service vulnerability id source weakness description severity cvss score component name sha 256 risk score dependencies note the dependency check and vulnerability details table displays data regardless of the timeframe selected all columns in this table can be sorted, and above this table, you will find a settings icon that allows changing the table settings to show or hide pre selected columns and a search box that allows you to search configuration a dependency track connection in iam is required prior pulling data in make sure to have the proper access rights to the projects intended to sync and specify the project which user needs to track through the for additional information on how to set a connection, refer to dependency track configuration docid\ h73fhs8pj okdopovvzwd by default, the dashboard shows only services that contain vulnerabilities, which means not all services are displayed click the show all toggle to display all services for selected applications, regardless of vulnerability