Skip to main content

Monitor your incidents

What is a SCA incident?

An incident is uniquely defined by the association of the three following factors:

  • A dependency file within one of your sources
  • A dependency library along with its version
  • A known vulnerability, through a specific vulnerability Id

Each SCA incident carries additional information, such as:

  • A status. The Incidents lifecycle section below provides details on statuses.
  • A severity and a Common Vulnerability Scoring System(CVSS) score.
  • An Exploit Prediction Scoring System (EPSS) score.
  • The type of incident, whether introduced by a direct or transitive dependency.
  • Contextual information on the vulnerability, depending on the nature of the vulnerability. As an example, it can include:
    • The impact of the vulnerability,
    • Patches, workarounds,
    • References,
    • Etc.
  • A recommendation on how to fix the issue.
  • A link to the list of sources affected by the same vulnerability, which helps you streamline remediation through all the sources.

Incidents list and details

Incidents lifecycle

Each incident may go through the following stages, depending on its lifecycle:

  1. Newly created incidents will be set to the Triggered status by default.
  2. Incidents will be automatically set as Resolved by GitGuardian, in the following two cases:
  • The dependency has been updated to a version not impacted by the vulnerability.
  • The dependency is no longer present (e.g. deleted from the declaration file, the whole dependency file deleted, or the repository deleted or no longer monitored).
  1. Incidents can also be Ignored, in case this is a false positive for instance. Any ignored incident can be manually or automatically re-opened. Please refer to [Ignore Incidents](./remediate-your-incidents#ignore-incidents for more information.

Incident lifecycle

Prioritize incidents

One of the key challenges of SCA is to prioritize your incidents, which may vary a lot depending on your business context.

The Incidents view will help you achieve this goal with a set of parameters that can be leveraged to help you best focus your efforts:

  • The CVSS score and associated severity,
  • The source to help you focus on critical repositories,
  • If a fix is available or not, as it directly impacts the efforts towards the incident remediation,
  • If the impacted dependency is direct or transitive, vulnerabilities on direct dependencies tend to be more actionable.

Filtering and sorting capabilities offered by the Incidents view allows you to narrow down the list and guide your efforts towards incident remediations, for instance.

By default, all your incidents are ordered by severity and filtered only to show opened incidents (Triggered).

Incidents filtering

How can I help you ?