Issues tab

Overview

The Issues tab displays all known vulnerability and license discrepancies across your projects, with details about each issue, which of your projects are affected, and how you can fix each issue.
Data in each of the main tabs is displayed based on the filters you've applied from the top of the Reports area, as well as the group or organization that you're viewing from.
By default, issues are displayed grouped per issue.
The number of issues that you’re currently viewing, based on the filters and searches you used, appears on the Issues tab label.

Grouped and ungrouped views

Use the default grouped view to get an overview of the general health of your organization by inspecting the number of projects affected per issue and the number and kinds of issues affecting your projects.
Alternatively, click View issues ungrouped to ungroup data and view a separate line for each project in which the issue occurs, meaning the same issue can appear multiple times if it affects multiple projects. This ungrouped view provides more details about each affected project and the recommended fix.
Click the View issues ungrouped or View issues grouped link to toggle between views.

Issues tab elements

All views

These fields appear for both views (grouped and ungrouped):
Element
Description
Severity
The icon of the associated severity for this issue:
Critical
High
Medium
Low
Score
The Snyk Priority Score, useful to guide the order in which you fix issues.
Issue
The official name of the issue and a list of all affected packages that are contained by your projects. The issue is linked to the Package page.
Identifiers
All associated CVE identifiers. Each identifier is linked individually to the full official CVE or CWE vulnerability details as relevant.
Projects
When viewing issues ungrouped, this is a complete list of all projects affected by the specific issue, and an indicator of the source of the projects.
If viewing the issues grouped, this column displays the number of projects affected by the issue.
Click on the total of projects to open a panel where a list of all affected projects in that grouping is displayed. Details in this view include:
  • Project
  • Status
  • Introduced: date the issue was detected in the project
  • Fixable: whether the issue can be eliminated with an upgrade or patch
Exploit maturity
How practical an exploit for a vulnerability is (see Evaluating and prioritizing vulnerabilities):
  • Mature: a published code exploit that can easily be used for this vulnerability is available.
  • Proof of concept: a published, theoretical proof-of-concept or detailed explanation that demonstrates how to exploit this vulnerability is available.
  • No known exploit: neither proof-of-concept code nor an exploit was found for this vulnerability, or they are not publicly available.
  • No data: this value indicates one of the following:
    • The issue is not a vulnerability (but rather, a license issue);
    • The ecosystem is not currently supported by Snyk (Linux); or
    • The project was imported prior to the release of this feature. Reimport the project in order to scan for this data.

Ungrouped view only

These fields appear only when viewing issues ungrouped:
Element
Description
Fixable
An upgrade or patch is available to fix the vulnerability.
  • Patch: Issues that can be fixed with a Snyk patch.
  • Upgrade: Issues that can be resolved by upgrading the affected package.
  • Pin: Issues that can be fixed by making a transitive dependency into a direct dependency. Note: this is currently Python-specific.
  • No: Issues for which there is currently no known fix.
Introduced
The date the issue was introduced in the project.
Status
The current status of a vulnerability:
  • Open: Issues that have not been handled
  • Fixed: Issues for which Fix PRs have been submitted (automatically by Snyk)
  • Patched: Issues that have been fixed with Snyk patches
  • Ignored: Issues to which the Ignore policy applies
Reachability
Whether vulnerabilities have a path from the code to the vulnerable function (see Reachable vulnerabilities):
  • Reachable: There is a clear path from the app’s code down to the vulnerable function.
  • Potentially reachable: There are indications that you might be exposed to the vulnerability.
  • No path found: We don’t have enough information to decide whether the vulnerability is reachable.
Jira issue
When a Jira integration is configured for the project and a Jira issue has been filed against the issue in Snyk, this column displays the Jira key and links to that same issue within Jira.

Issues tab actions

These controls appear above the table:
Search issues: search based on CVE, CWE or identifier name (e.g. DDoS). When searching by CVE or CWE, you must provide an exact value (for example CVE-1234), but when searching by identifier name, typing part of the word returns results.
Issue filters: mark the issues to be displayed by selecting a range of priority scores, specific issue types, exploit maturity, status, fixable values and reachability, as described in the Issues tab elements section.
Export: click the button to choose which format you’d like to export issue data in:
  • CSV
  • Print/generate a preview from the Print dialog box in your local environment. This can take a few seconds to generate.
Only 2,000 issues can be generated at once.
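An added example (not Snyk code) of working with exported issue data offline: it keeps only open, fixable rows from an ungrouped listing, regroups them per issue as the grouped view does, and orders the result by score and exploit maturity. The column names and sample rows are constructed for this example and are not Snyk's export schema; the field values are the ones listed under Issues tab elements.

```python
import csv
import io

# Constructed sample of ungrouped rows (one row per issue per project).
# Column names are assumptions for this example, not Snyk's export schema.
SAMPLE_CSV = """issue,score,project,status,fixable,exploit_maturity
Prototype Pollution,705,web-frontend,Open,Upgrade,Proof of concept
Prototype Pollution,705,admin-api,Open,Upgrade,Proof of concept
Remote Code Execution,890,admin-api,Open,Patch,Mature
Remote Code Execution,890,batch-worker,Ignored,Patch,Mature
Denial of Service,410,web-frontend,Open,No,No known exploit
GPL-3.0 license,300,batch-worker,Open,No,No data
"""

# Tie-breaker when two issues share a score: most practical exploit first.
MATURITY_RANK = {"Mature": 0, "Proof of concept": 1,
                 "No known exploit": 2, "No data": 3}

def load_rows(text):
    """Parse exported CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def actionable(row):
    """Open issues that have a known fix (Patch, Upgrade or Pin)."""
    return row["status"] == "Open" and row["fixable"] != "No"

def group_by_issue(rows):
    """Rebuild the grouped view: one entry per issue with affected projects."""
    groups = {}
    for row in rows:
        g = groups.setdefault(row["issue"], {"score": 0, "projects": [],
                                             "maturity": row["exploit_maturity"]})
        g["score"] = max(g["score"], int(row["score"]))  # highest score wins
        g["projects"].append(row["project"])
    return groups

def triage(text):
    """Return (issue, score, exploit maturity, projects), highest priority first."""
    groups = group_by_issue([r for r in load_rows(text) if actionable(r)])
    ordered = sorted(groups.items(),
                     key=lambda kv: (-kv[1]["score"], MATURITY_RANK[kv[1]["maturity"]]))
    return [(name, g["score"], g["maturity"], sorted(g["projects"]))
            for name, g in ordered]

if __name__ == "__main__":
    for issue, score, maturity, projects in triage(SAMPLE_CSV):
        print(f"{score:>4}  {issue}  [{maturity}]  {len(projects)} project(s): {', '.join(projects)}")
```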