Using Vulnerabilities Data

Software Composition Analysis

The Vulnerabilities tab lists all the vulnerabilities in your portfolio by CVE and severity rating.

This tab provides detailed information on all the known vulnerabilities in your portfolio. It sorts the vulnerabilities by severity, and lists the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) IDs. Each severity is counted and described. The description field provides links to the affected applications and components.

Use the filter function to list applications by CVE ID, application name, component, or any combination of these filters. If you switch tabs after filtering data, the filter sorts the content in the new tab unless you clear the filter. Click the CVE or CWE ID link in the table to navigate to the National Vulnerability Database to view additional CVE or CWE ID information.

Veracode updates the vulnerabilities list every Wednesday between 12:00pm and 10:00pm ET to reflect any changes in the National Vulnerabilities Database, to provide the latest information on third-party component vulnerabilities in your applications. In turn, SCA results and downstream dashboards such as a Governance Risk and Compliance (GRC) systems are updated to reflect any new vulnerabilities.