Understand Xray Scan Results

JFrog Security Documentation

On the scan details page, click any of the rows. The resulting page provides information about Violations, Security, and Components. To learn more about the information contained in each tab, see Analyzing Resource Scan Results.

The following sections describe the Xray Data sub-tabs, using the Packages resource as an example.

Violations

Displays the violations detected on the package version, based on the watches and associated policies set by users. Violations are reported only for the root component, not for its dependencies. You can view the vulnerability severity, type, and associated policies. To view a component and its dependencies, click the Component icon. In some cases, when violations are detected, security or legal personnel may want to accept some of these violations or add them to an Allow List. For more information, see Ignore Rules.

Security Issues

Displays the known CVEs for the selected package version, along with the affected versions and the fixed versions that do not contain the CVE.

Advanced Scans

If you have advanced scanning enabled, you can view the advanced scan results for Vulnerability Contextual Analysis and Exposures under the Security Issues section.

To get advanced scanning results for existing artifacts, click the Actions Menu in the artifact and use the Run Contextual Analysis and Scan for Exposures options.

This feature requires Xray version 3.66.x and above.

Components

Displays the licenses assigned to a specific version, and triggers violations if a license matches the criteria of any existing Watches.