The security center provides a single location to review security issues and findings, and their severity. It automatically triggers an implicit security analysis whenever you create a component, or commit changes to the repository linked to a component, and displays the results. It displays the results of these scans with a rich context, such as the line of code where a security issue is discovered, and details from the security tool including reference links and remediation suggestions. It can also, where available, display results from security tools added in explicit workflows.
In CloudBees platform:
-
Issues are security issues reported by security tools.
-
Findings are individual occurrences of a security issue reported in a branch, file, or code location.
-
Severity is the rating reported by the security tool that discovered the finding.
Use the security center
The security center is only displayed in the navigation once a component has been selected |
To access the security center:
-
Select a component from the dropdown in the left navigation.
-
Select the Security dropdown from the left navigation, then select Security center.
-
Review the GitHub organization and repository names, the branch name, the date and time of the last scan.
-
Select a branch.
-
Review the total number of findings, and the number of findings by severity. Select a number of findings to filter issues by that severity.
-
Filter issues by one or more of:
-
Severity:
-
Very High.
-
High.
-
Medium.
-
Low.
-
-
Category:
-
Configuration.
-
License violation.
-
Operational risk.
-
Penetration testing outcome.
-
Policy violation.
-
SCA.
-
Secret violation.
-
Threat modelling outcome.
-
Vulnerability.
-
-
Security tool.
-
-
Review the total number of findings, grouped by security tool. Select a tool’s number of findings to filter issues by that tool.
-
Review security issue information:
-
Severity: the severity rating reported by the security tool that discovered the finding. Select to review detailed information on each finding of the issue, including:
-
File Name: The name of the file where the finding was discovered. Select the file name to navigate to the line in the file where the finding is located.
-
Tools: The tool that discovered the finding.
-
Further details: Review further information provided by the security tool, including CWE reference, and raw data for the finding. Where multiple tools report the same finding, select a tool from the dropdown menu to see information from that tool.
-
-
Code: The vulnerability code or CWE number of the issue.
-
Name: The name of the issue.
-
Category: The category of the issue.
-
Findings: The number of findings of that issue.
-
Scanning tools: The tools that reported the issue.
-
First identified: When the issue was first reported.
-