For customers moving from the previous model of (library-based only) alerting to the new Security Alerts: View By Vulnerability, this page describes the changes encountered.
The following changes have been implemented to the Reports functionality:
Report | Changes |
---|---|
Alerts Report | Removed, and some of its functionality can be accessed through Security Alerts: View By Vulnerability. |
Ignored Alerts Report | Removed, and some of its functionality can be accessed through Security Alerts: View By Vulnerability. |
Risk Report | The Security panel has undergone name changes in some of its inner panels. |
Alerts Resolution Duration Report | Removed, and the Status column has been incorporated into the Licensing & Compliance Alerts and Security Alerts: View By Vulnerability. NOTE: Bulk actions of ignored/activated will be done only on items on which the action can be executed. |
Vulnerabilities Report | Removed, and the Top Fix column has been incorporated into Security Alerts: View By Vulnerability.. |
Miscellaneous | Ignoring an alert now implements all its operations in the same screen (without moving the user to other screens). |
The following changes have been implemented to the dashboards:
Dashboard | Changes |
---|---|
Dashboard in Project/Product pages, Home Dashboard |
|
Security Trends |
|
The following changes have been implemented for status updates containing new alerts emails:
Grey shields are removed for displays that focus on vulnerabilities.
Grey shields (for customers with installations of Prioritize) are removed for displays that focus on vulnerabilities.
The name of the Alerts panel has been changed, and its content now contains the Home dashboard categories for a library (those in Policy, Library, and Security).
The following is a list of APIs that have undergone changes if Vulnerability-based Alerting is enabled:
The changes are as follows:
The following is a list of new APIs that are only available to organizations if Vulnerability-based Alerting is installed:
APIs for generating security alerts reports, detailed by vulnerability
APIs for generating security alerts reports, detailed by library
APIs for generating license and compliance alerts reports
For more details on these API calls, please refer to the API v3 documentation - HTTP API v1.3#Vulnerability-basedAlerts
Additionally, the following is a list of APIs that are not available to organizations if Vulnerability-based Alerting is installed:
Changes in the APIs do not cause any backward compatibility issues. |
For the remaining APIs that have not been affected by the transition to Vulnerability-based Alerting, see the following:
NOTE: In case there is a relation between a CVE and a source file, the following elements will be added to the API response:
//This is the new element that was added to the response in case the alerts relate to a source file "sourceFiles": [ { "name": "swagger-ui.min.js", "sha1": "0d1935e6d5d00a2c096989f5de2e08d8b2446d96", "systemPath": "dist/swagger-ui.min.js", "lastModified": "2019-08-28", "bytes": 0, "numOfLines": 0, "id": 6574351 } ] |