Once an artifact is indexed, Xray will validate if the artifact contains any security issues in any of the categories you have enabled for scanning.
To view scan results, go to Application | Xray | Scans List.
Select the resource type Repositories. Note that, in this version, the new scan categories are only supported for Repositories.
Select the resource from the list.
Each scan contains an overview of the results such as how many vulnerabilities were found, the scan status, and so on. It is important to note that each category has a set of scanners that will search for specific issues. To provide you with full visibility as to what Xray scanned for, the results will show all scanners including items that were scanned and are OK.
Select the scan you want to view.
The scan results are displayed under Security Issues.
Select the issue to view more details. Each issue contains the following information:
JFrog Severity Badge: The severity of the issue, as determined by the JFrog Security Research Team: Critical, High, Medium, or Low.

Status: There are two possible statuses:
To Fix: An issue that was found and should be fixed.
OK: An issue Xray scanned for and verified is okay (i.e., no security issues were found).

ID: Issue identifier.

CWE: The Common Weakness Enumeration (CWE) identifier for the weakness type this issue is associated with.

Fix Cost: Estimate of the effort involved in applying the suggested resolution:
High effort: Substantial effort is required from the software developer. Examples include building code from source and applying broad configuration changes.
Medium effort: A medium-level action is required from the software developer. Examples include making changes to existing configurations.
Low effort: Minimal effort is required from the software developer. Examples include removing a file and making minor changes to existing configurations.

Findings: Provides information on the issue: exactly what was found and where, the security impact of the issue, and what needs to be done to fix it.

Outcomes: Possible consequences of an attack exploiting this issue.
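One way to triage findings using the fields described above, as an added example that is not JFrog's code: it drops the OK entries (scanners that ran and found nothing), ranks To Fix issues by JFrog severity and then by fix cost, and rejects records whose values fall outside the documented vocabularies. The record layout and the sample findings are constructed assumptions and are not the Xray API or export format.

```python
# Added example, not JFrog's own code: triage Xray scan findings using the
# fields this page describes (JFrog Severity, Status, ID, CWE, Fix Cost).
# The record shape is constructed for illustration; it is NOT the Xray
# API or export format.

SEVERITIES = ("Critical", "High", "Medium", "Low")   # JFrog Severity Badge values
STATUSES = ("To Fix", "OK")                           # the two possible statuses
FIX_COSTS = ("Low", "Medium", "High")                 # Fix Cost effort levels

# Constructed sample findings. OK entries are kept, as the scan list shows
# every scanner that ran, including those that found nothing.
SAMPLE_FINDINGS = [
    {"id": "SAMPLE-1", "severity": "High", "status": "To Fix", "cwe": "CWE-798", "fix_cost": "High"},
    {"id": "SAMPLE-2", "severity": "Critical", "status": "To Fix", "cwe": "CWE-89", "fix_cost": "Medium"},
    {"id": "SAMPLE-3", "severity": "High", "status": "To Fix", "cwe": "CWE-276", "fix_cost": "Low"},
    {"id": "SAMPLE-4", "severity": "Low", "status": "OK", "cwe": "CWE-79", "fix_cost": None},
    {"id": "SAMPLE-5", "severity": "Medium", "status": "To Fix", "cwe": "CWE-79", "fix_cost": "Low"},
]

def validate(finding):
    """Reject records whose field values are outside the documented vocabularies."""
    if finding["severity"] not in SEVERITIES:
        raise ValueError(f"{finding['id']}: unknown severity {finding['severity']!r}")
    if finding["status"] not in STATUSES:
        raise ValueError(f"{finding['id']}: unknown status {finding['status']!r}")
    if finding["status"] == "To Fix" and finding["fix_cost"] not in FIX_COSTS:
        raise ValueError(f"{finding['id']}: unknown fix cost {finding['fix_cost']!r}")
    return finding

def to_fix(findings):
    """Keep only issues Xray marked 'To Fix'; 'OK' entries are verified clean."""
    return [validate(f) for f in findings if f["status"] == "To Fix"]

def prioritize(findings):
    """Order work: most severe first, cheapest fix first within a severity, then ID."""
    return sorted(
        to_fix(findings),
        key=lambda f: (SEVERITIES.index(f["severity"]), FIX_COSTS.index(f["fix_cost"]), f["id"]),
    )

def summarize(findings):
    """Counts per status, plus per-severity counts of the To Fix items."""
    by_status = {s: 0 for s in STATUSES}
    by_severity = {s: 0 for s in SEVERITIES}
    for f in findings:
        by_status[validate(f)["status"]] += 1
        if f["status"] == "To Fix":
            by_severity[f["severity"]] += 1
    return {"status": by_status, "to_fix_by_severity": by_severity}
```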