Legacy Reports Issues tab

Overview

The Issues tab displays all known vulnerability and license discrepancies across your Organization, indicating details about each issue, which of your Projects are affected, and how you can fix each issue.

Data in each tab appears based on the filters you've applied from the top of the Reports area, as well as the Group or Organization that you're viewing from.

By default, issues are ranked by their Snyk Priority Score; you can also filter based on columns. For example, you may want to look at the highest scores with the most maturity (which are likely to have more exploits). You can also track the list of issues that got fixed.

Click Export to export or print these results.

Grouped and ungrouped views

Use the default grouped view to get an overview of the general health of your organization on the whole by inspecting the number of projects affected per issue and the number and kinds of issues affecting your projects.

Alternatively, click View issues ungrouped to ungroup data, viewing a separate line for each project in which the issue occurs; meaning the same issue can appear multiple times if it affects multiple projects. This ungrouped view provide more details about each affected project, and the recommended fix.

Click the View issues ungrouped or View issues grouped link to toggle between views.

Issues tab elements

All views

These fields appear for both views (grouped and ungrouped):

Element

Description

Severity

The icon of the associated severity level for this issue:

Score

The Snyk Priority Score, useful to guide the order in which you fix issues.

Issue

The official name of the issue and a list of all affected packages that are contained by your projects. The issue is linked to the Package page.

Identifiers

All associated CVE identifiers. Each identifier is linked individually to the full official CVE or CWE vulnerability details as relevant.

Projects

When viewing issues ungrouped, this is a complete list of all projects affected by the specific issue, and an indicator of the source of the projects.

If viewing the issues grouped, this column displays the number of projects affected by the issue.

Click on the total of projects to open a panel where a list of all affected projects in that grouping is displayed. Details in this view include:

Project
Status
Introduced-date the issue was detected in the project
Fixable—whether the issue can be eliminated with an upgrade or patch

Exploit maturity

How practical an exploit for a vulnerability is: (see View exploits)

Mature: a published code exploit that can easily be used for this vulnerability is available.
Proof of concept: a published, theoretical proof-of-concept or detailed explanation that demonstrates how to exploit this vulnerability is available.
No known exploit: neither a proof-of-concept code nor an exploit were found for this vulnerability, or are not publicly available.
No data: this value indicates one of the following:
- The issue is not a vulnerability (but rather, a license issue).
- The ecosystem is not currently supported by Snyk.
- The project was imported before the release of this feature. Re-import the project in order to scan for this data.

Ungrouped view only

These fields appear only when viewing issues ungrouped:

Element

Description

Fixable

An upgrade or patch is available to fix the vulnerability.

(Also see Vulnerability fix types):

Patch: Issues that can be fixed with a Snyk patch.
Upgrade: Issues that can be resolved by upgrading the affected package.
Pin: Issues that can be fixed by making a transitive dependency into a direct dependency. Note: this is currently Python-specific.
No: Issues for which there is currently no known fix.

Introduced

The date the issue was introduced in the project.

Status

The current status of a vulnerability:

Open: Issues that have not been handled
Fixed: Issues for which Fix PRs have been submitted (automatically by Snyk)
Patched: Issues that have been fixed with Snyk patches
Ignored: Issues to which the Ignore policy applies

Reachability

Whether vulnerabilities have a path from the code to the vulnerable function (see Reachability analysis):

Reachable: There is a clear path from the app’s code down to the vulnerable function.
Potentially reachable: There are indications that you might be exposed to the vulnerability.
No path found: We don’t have enough information to decide whether the vulnerability is reachable.

Jira issue

When a Jira integration is configured for the project and a Jira issue has been filed against the issue in Snyk, this column displays the Jira key and links to that same issue within Jira.

Issues tab actions

These controls appear above the table:

Search issues: search based on CVE, CWE or identifier name (i.e. DDoS). When searching by CVE or CWE, you must provide an exact value (for example CVE-1234), but when searching for identifier name, typing in a piece of the word will return results.

Issue filters: mark the issues to be displayed by selecting a range of priority scores, specific issue types, exploit maturity, status, fixable values and reachability, as described in the Issues tab elements section.

Export—click the button to choose which format you’d like to export issue data in:

CSV
Print/generate a preview from the Print dialog box in your local environment. This can take a few seconds to generate.

Only 2,000 issues can be generated at once.

PreviousLegacy Reports Summary tab NextLegacy Reports Dependencies tab

Last updated 9 months ago