SQ31107
Detected presence of low severity vulnerabilities.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | low | medium | None | vulnerabilities: warning Reason: low severity vulnerabilities |
About the issueโ
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as low severity.
How to resolve the issueโ
- Perform impact analysis for the reported CVEs.
- Update the component to the latest version.
- Lower severity vulnerabilities can be resolved with less urgency, but you should still make a plan to do so.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Understanding vulnerabilities (External resource - National Cyber Security Centre)
- Vulnerability Severity Levels (External resource - Invicti)