The ShiftLeft Dashboard provides you with information regarding all findings, including OSS vulnerabilities.
The Application Overview provides you with a summary of all the findings identified by ShiftLeft. At the bottom of the page, you'll find information regarding any open-source vulnerabilities identified.
OSS Vulnerability in Package
The OSS Vulnerability in Package panel lists all packages used by your application that contain security vulnerabilities, as well as the number of vulnerabilities present in each package.
pkg:firstname.lastname@example.org **3** indicates that the mysql-connector-java package contains three vulnerabilities.
You can click on any line to see the full list of vulnerabilities identified in that package.
OSS Vulnerability References
The OSS Vulnerability References panel lists all of the CVEs identified, as well as the number of times each CVE appears in your application.
Clicking on a specific reference will take you to a list of vulnerabilities found in the specific package and version.
OSS Vulnerabilities Overview
You can view a list of all OSS vulnerabilities found by clicking on the Open Box icon on the left side of your Dashboard.
Viewing Detailed Vulnerability Information
When you view lists of findings, you can click on an individual line item to open up additional security vulnerability information.
This detailed information view includes:
- The CVE reference ID (e.g.,
- The number of reachable findings involving this vulnerability
- A description of the vulnerability
- The suggested fix
Security Vulnerabilities Associated with Open Source Packages
When viewing your static analysis findings, ShiftLeft will let you know if there's an associated OSS Vulnerability. For example, the following shows a reachable SQL injection vulnerability introduced by one of the open-source packages your application uses: