How can I view vulnerabilities identified in source code for an asset?

To view the vulnerabilities identified in source code for an asset, follow the steps below:

  1. Login into I3 Portal
  2. Using the left floating menu navigate to Assets —> Manage
  3. Click on the link in the Asset Name column for the specific asset in the Assets table.
  4. On the Asset details page, click on Code Vulnerabilities from the ribbon menu
  5. You can filter code vulnerabilities using the below:
    • Specify search text in the Search box. This is searched in the following: Source filename, Description, Source code snippet and Status
    • Specify the State of the finding i.e. Open / Resolved / Ignored
    • Click on the charts (Rating, OWASP Categories, CWE Distribution) for further filtering
  6. To view details for a specific code finding, click on the Line number link displayed in the Line # column for that finding.
  7. To change the state of a selected issue, click on State value link in the Status column and toggle the state in the displayed pop-up window. For bulk update of multiple issues, refer link.