Stowage/dependency-track
2
0
Fork 0
mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-02-08 18:59:54 +00:00
Code Issues Projects Releases Packages Wiki Activity
dependency-track/docs/_docs/usage/impact-analysis.md
Steve Springett de898b599a
v3.6 doc update
2019-09-28 22:59:32 -05:00

23 lines
1.2 KiB
Markdown
Raw Blame History

---
title: Impact Analysis
category: Usage
chapter: 2
order: 2
---
When a vulnerability is published, organizations typically analyze the potential for impact in their environment.
Dependency-Track can help identify all affected projects across the organization. If the vulnerability is published
to a datasource Dependency-Track supports (i.e. NVD, NPM, OSS Index, VulnDB, etc), then simply looking up the
vulnerability in the platform is all that's required.
![incident response](/images/screenshots/vulnerability.png)
Dependency-Track contains a full mirror for each of the vulnerability datasources it supports. Virtually all public
information about the vulnerability including the description, affected versions, CWE, and severity, are captured,
as well as the affected projects. The list of affected projects is dynamically generated based on data in
Dependency-Track at the time of inquiry.
Alternatively, if the component name and version are known, then performing a search on that component will
reveal a list of vulnerabilities, as well as a list of all projects that have a dependency on the component.
![incident response](/images/screenshots/vulnerable-component.png)
Reference in a new issue View git blame Copy permalink