Use the component security center

Use the component security center to review security findings for individual components and understand how security issues affect specific assets within your development pipeline. The component view focuses on technical-level security information, helping developers understand security findings in the context of specific repositories, containers, or code assets. Component-level security management integrates with triage workflows and provides detailed technical context for security decision-making.

The component security center displays findings from implicit security analysis that automatically populate when CloudBees Unify detects security-relevant changes in your development pipeline.

For guidance on when to use the component security center versus the application security center, refer to Component vs. application security perspectives in Understanding security center workflows.

Prioritize correlated findings from multiple scanners, as they typically indicate higher-confidence security issues that warrant immediate attention.

You need the View findings by triage status permission to access security findings in the component security center. For permission details, refer to RBAC permissions reference.

To access the security center for a specific component:

  1. Select an organization from the organization selector.

  2. Select Components.

  3. Select the component name.

  4. Select Security center.

The component security center opens with findings organized into status tabs (Unreviewed, Fix Required, Awaiting Approval, Resolved).

Initiate triage workflows from component view

Connect component-level security findings to organization-wide triage and approval workflows to ensure appropriate security oversight.

Start triage process

To initiate triage for component security findings:

  1. From the component security center, review findings in the Unreviewed tab.

  2. Select findings that require triage decisions.

  3. Select Triage for individual findings. The triage interface provides technical context from the component view to inform your decision.

  4. Choose the appropriate triage status:

    • Fix Required: The finding requires developer remediation.

    • False Positive: The scanner incorrectly identified a security issue.

    • Risk Accepted: The security issue falls within acceptable risk tolerance.

Triage decisions require approval from organization owners according to organization-level approval workflows.

Track triage progress

To monitor triage workflow status from the component view:

  1. Select the Awaiting Approval tab in the component security center. The component-level view shows the status of triage requests for findings specific to this component.

  2. Review approval workflow progress for your component’s findings. Links connect to broader organizational security oversight while maintaining component-specific context.

  3. Check the Fix Required tab for findings that have been approved for remediation. These findings require developer action and can be integrated into development workflows.

For complete triage procedures, refer to Triage security findings.