Analyze Detailed Scanned Data on Resources

JFrog Security Documentation


Each scanned resource (packages, builds, artifacts and Release Bundles) contains the following set of Xray sub-tabs and a list of actions.

The Xray Data sub tabs are:

  • Violations: Violations of the filters defined on a watch. They are reported only for the root component, not for its dependencies.

  • Security: Known security vulnerabilities for the selected component.

  • Licenses: OSS licenses used by the component.

  • Descendants: Components that the selected component includes (depends on).

  • Ancestors: Components that include (depend on) the selected component.

The following sections describe the Xray Data sub tabs using the Packages resource as an example. Note that the tabs are identical for builds, artifacts and Release Bundles.

Violations

Displays the violations detected on the package version, based on the watches and associated policies set by the users. You can view the vulnerability severity, type and the associated policies. To view a component and its dependencies, click the Component icon. In some cases, when violations are detected, security or legal personnel may want to accept some of these violations or add them to an Allow List. For more information, see Ignore Rules.

Violation Details


Vulnerability Details


Physical Path of Vulnerable Component


Security

Displays the known security vulnerabilities for the selected package version, the affected versions, and the fixed versions that do not contain the vulnerability. For a description of the detailed severity levels, see Determine the Issue Severity Level for Operating Systems Packages.

To examine the details of a violation, click the violation in the list to display the Issue Details popup.

Licenses

Displays the licenses assigned to the specific version and triggers violations if a license matches the criteria of any existing Watch. Click a license to view the license attached to the components.

Descendants

Displays the components that the selected component includes (depends on).

Note

Displays only dependencies that are actually present within the component. Referenced dependencies that are not included in the package, but are only referenced in a metadata file present within the package or alongside it, are not presented.

For example:

  • A Maven pom.xml located in the package and/or alongside the package jar.

  • An NPM package.json found inside the package.

Ancestors

Displays components that include (depend on) the selected component.
