Understand your vulnerabilities

Recap: You have viewed and understood scanned Projects; now you can look at the details of the vulnerabilities in a Project.

See vulnerability details

First, open a target to see your Snyk Projects:

Next, select a Project in that list to see details of the vulnerabilities found in that Project.

For example, for a Code analysis project scanned by Snyk Code:

See View project information for more details.

View Issue Cards

Now, look at the vulnerability information for each Snyk Project, provided in Issue Cards:

Again, there is a lot of information here, so take the time to see how each item relates to your vulnerability; this helps you decide which fix actions to take.

For details, see Issue card information.

Access more vulnerability information

Snyk provides detailed resources for more information about vulnerabilities, accessible directly from the card:

Access Snyk Vulnerability Database

For Open Source and Container vulnerabilities, click on the Snyk vulnerability Identifier (on the right of the Severity Level) to access detailed Snyk Vulnerability Database information for that vulnerability, as defined by Snyk. For example:

For this example, click on the Snyk vulnerability Identifier to see how Hibernate core and its libraries are vulnerable to SQL injection:

Snyk Code and Snyk IaC issue cards have separate information sets for these areas.

Access Snyk Learn

Click Learn about this type of vulnerability to access Snyk Learn security educational materials:

For example, see Snyk Learn SQL injection for more details about this type of vulnerability.

Some cards may not have Snyk Learn lessons available; if so, no link is presented.

Understand the Snyk Priority Score

The Snyk Priority Score, ranging from 0 to 1,000, is our evaluation of the seriousness of the vulnerability. The Snyk Priority Score includes CVSS (Common Vulnerability Scoring System) information, plus other factors such as attack complexity and known exploits. For example, this Hibernate vulnerability has no known exploit that would allow attackers to take advantage of it.

Other factors also affect the score. For example, SQL injections are easy to run (you just need a web browser and a form to submit), which increases the score, but it takes more work to understand and exploit the results of that attack, which decreases the score.

Open source vulnerabilities: fixes and dependency information

For open-source library scans by Snyk Open Source, you can also access fix and dependency information in the Fixes and Dependencies tabs of your Project results.

Fixes tab

Snyk's knowledge of the transitive dependencies in your project makes it possible for Snyk to offer fix advice in the Fixes tab:

See Fix your first vulnerability for more details.

Dependencies tab

Snyk uses the package manager of your application to build the dependency tree and display it in the Dependencies tab of the Project view:

For example, the screenshot above shows a vulnerability in the transitive dependency qs@2.2.4, brought in by the direct dependency body-parser@1.9.0.
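As an added example (not Snyk's own code), here is how the same direct-to-transitive relationship can be recovered from the nested `dependencies` layout of an npm lockfile, which is the kind of package-manager data Snyk builds its tree from. The lockfile contents below are constructed for illustration, and the helper names are assumed; only the body-parser@1.9.0 to qs@2.2.4 relationship comes from this page.

```javascript
// Constructed lockfile fragment (npm lockfileVersion 1 style). The
// body-parser@1.9.0 -> qs@2.2.4 edge is the one shown on the page; the
// other entries are made up to show multiple paths to the same package.
const lockfile = {
  name: "sample-app",
  dependencies: {
    "body-parser": {
      version: "1.9.0",
      requires: { qs: "2.2.4" },
      dependencies: { qs: { version: "2.2.4" } },
    },
    express: {
      version: "4.9.0",
      requires: { qs: "2.2.4" },
      dependencies: { qs: { version: "2.2.4" } },
    },
    lodash: { version: "4.17.21" },
  },
};

// Walk the nested tree depth-first and return every path, as an array of
// "name@version" strings, from a direct dependency down to the requested
// package and version. An empty array means the version is not present.
function findDependencyPaths(lock, name, version) {
  const paths = [];
  const walk = (deps, trail) => {
    for (const [depName, dep] of Object.entries(deps || {})) {
      const next = [...trail, `${depName}@${dep.version}`];
      if (depName === name && dep.version === version) {
        paths.push(next);
      }
      walk(dep.dependencies, next);
    }
  };
  walk(lock.dependencies, []);
  return paths;
}

// The direct dependency to upgrade is the first element of each path;
// de-duplicate so each direct dependency is listed once.
function directDependenciesFor(lock, name, version) {
  const firsts = findDependencyPaths(lock, name, version).map((p) => p[0]);
  return [...new Set(firsts)];
}

console.log(findDependencyPaths(lockfile, "qs", "2.2.4"));
console.log(directDependenciesFor(lockfile, "qs", "2.2.4"));
```

Pointing the walker at a real package-lock.json (`JSON.parse` of the file) gives the direct dependency whose upgrade removes the vulnerable transitive, which is the decision the Fixes tab makes for you.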

Now that you understand your vulnerability information, you can decide how to fix it.

Continue with Fix your first vulnerability.


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.