Cloud Services

DevOps Intelligence

Dependency Check
Published On Nov 19, 2024 - 12:27 PM

Dependency Check

DevOps Intelligence supports dependency checks using a dashboard that displays checks, broken out by relevant categories.
Selecting Dependency check will open the dependency check dashboard displaying graphs representing the dependency severity chart under the following criteria:
  • Dependency check by severity
  • Top critical technical services
  • Top critical components
  • Dependency check details

Dependency check by severity

The graph data represents the total number of vulnerabilities aggregated according to day-month timeline selection. Severities are classified into five categories: Critical, High, Medium, and Low. Graph data supports the selection of the above Drop-down menu application & teams. By default, it represents 180 Days old data.
  • X-Axis (
    Duration
    ): The X-axis corresponds to the months and dates from the time period selected to show data.
  • Y-Axis (
    Total Vulnerabilities
    ): The Y-axis corresponds to the number of vulnerabilities detected in the selected time period.
By hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected and the Severity they belong to, as follows:
  • Group:
    The Severity to which the vulnerabilities belong.
  • Months/Date:
    The cut out date for the vulnerabilities detected.
  • Total/Value:
    The total number of vulnerabilities detected.
By placing the cursor right above a bar, in alignment with the center of it, the following information is displayed:
  • Critical:
    Total number of critical Vulnerabilities. Represented by a dark red color.
  • High:
    Total number of high Vulnerabilities. Represented by a red color.
  • Medium:
    Total number of medium Vulnerabilities. Represented by an yellow color.
  • Low:
    Total number of low Vulnerabilities. Represented by a green color.

Top critical technical services and Top critical components

The top critical technical services chart represents top 5 technical services listed according to its criticality and, the Top critical components chart represents top 5 components listed according to its criticality.

Dependency check details

The Dependency check details table is a table that provides the latest dependency check executed enabling a detailed view of each technical service. Each row in the table displays information for a specific technical service, separated by columns of information type:
  • Technical service:
    The name of the micro technical service within the larger application.
  • Application:
    The name of the application, typically comprising multiple micro-technical services.
  • Vulnerabilities:
    Total number of vulnerabilities detected for a technical service.
  • Critical:
    Total number of critical vulnerabilities detected for a technical service.
  • High:
    Total number of high vulnerabilities.
  • Unassigned:
    Total number of unassigned checks.
  • Vulnerability components:
    Total number of vulnerabilities components.
  • Secure engine:
    The security source tool configured.
  • First occurrence:
    Date of the first vulnerability occurrence.
  • Last occurrence:
    Date of the last vulnerability occurrence.
The Dependency check table also supports detailed views for each technical service. To access details for a specific technical service, select the overflow menu located to the far right of the table and select
View Details
.

Dependency check table details

When you select
View Details
from a technical service from the table details, a new dialog appears with technical service details. The following elements are displayed in this dialog:
  • The title
    DevOps-Operations
    .
  • Two tabs that you can click on, with the option to toggle between ascending and descending alphanumeric order for most columns:
    Components
    and
    Vulnerabilities
    .
    • Components:
      Clicking the
      Components
      tab displays
      Component Details
      in a tabular form and provides the following details for the technical service:
      • Component
      • Version
      • License
      • Risk Score
      • Vulnerabilities
    • Vulnerabilities:
      Clicking the
      Vulnerabilities
      tab displays
      Vulnerabilities Details
      in a tabular form and provides the following details for the technical service:
      • Vulnerability ID
      • Source
      • Weakness
      • Description
      • Severity
      • CVSS Score
      • Component Name
      • Sha-256
      • Risk Score
      • Dependencies
The
Dependency check
and
Vulnerability details
table displays data regardless of the timeframe selected. All columns in this table can be sorted, and above this table, you will find a
Settings
icon that allows changing the table settings to show or hide pre-selected columns and a search box that allows you to search.

Configuration

A dependency Track connection in IAM is required prior pulling data in DevOps Intelligence. Make sure to have the proper access rights to the projects intended to sync and specify the project which user needs to track through the DevOps Intelligence. For additional information on how to set a connection, refer to Dependency Track connection. For additional details, refer to Dependency Track configuration.
Do you have two minutes for a quick survey?
Take Survey