CAST HIGHLIGHT - SCA - CWE count at the application level and the portfolio level are different

The CWE information shown at the portfolio level (Software Compositions --> Weaknesses) differs from the CWE information shown at the application level (Application Results --> Software Composition tab).

 

Details

The CWE count works differently at the portfolio level and at the application level.

At the application level, CWEs are detected based on the version of the component used. The ‘CWE’ column at the application level identifies the number of distinct weaknesses that have been triggered for a given component in the version used by the application.

At the portfolio level, by contrast, the count is not specific to the version used; it displays all the CWEs for the component in general. The ‘CWE’ column at the portfolio level identifies the number of distinct weaknesses that have been triggered for a given component.
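The two counting rules described above, as an added example (not CAST Highlight's code or data). The component names, versions, CWE assignments and function names are constructed for illustration, and the example assumes the portfolio view lists the components used by at least one application.

```python
from collections import defaultdict

# Constructed sample records: (component, affected version, CWE id).
WEAKNESSES = [
    ("libexample", "1.0", "CWE-79"),
    ("libexample", "1.0", "CWE-89"),
    ("libexample", "1.1", "CWE-79"),
    ("libexample", "2.0", "CWE-502"),
    ("libexample", "2.0", "CWE-502"),  # duplicate record, counted once
    ("otherlib", "3.2", "CWE-22"),
]

# Constructed portfolio: application -> {component: version in use}.
PORTFOLIO = {
    "app-a": {"libexample": "1.1"},
    "app-b": {"libexample": "2.0", "otherlib": "3.2"},
}


def application_cwe_counts(app_components, weaknesses):
    """Distinct CWEs per component, limited to the version the application uses."""
    found = defaultdict(set)
    for component, version, cwe in weaknesses:
        if app_components.get(component) == version:
            found[component].add(cwe)
    return {c: len(found[c]) for c in app_components}


def portfolio_cwe_counts(portfolio, weaknesses):
    """Distinct CWEs per component across all versions, ignoring the version in use."""
    used = {c for comps in portfolio.values() for c in comps}
    found = defaultdict(set)
    for component, _version, cwe in weaknesses:
        if component in used:
            found[component].add(cwe)
    return {c: len(found[c]) for c in sorted(used)}


if __name__ == "__main__":
    for app, comps in PORTFOLIO.items():
        print(app, application_cwe_counts(comps, WEAKNESSES))
    print("portfolio", portfolio_cwe_counts(PORTFOLIO, WEAKNESSES))
```

In this constructed data, `libexample` shows one CWE in each application but three at the portfolio level, because CWE-89 affects only a version that no application uses.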

 

Related Articles

CAST HIGHLIGHT - SCA - What are Vulnerabilities (CVE), Weaknesses (CWE), Known Exploited Vulnerabilities (KEV) Advisories and Common Platform Enumeration (CPE) ?

Analyze Open Source weaknesses before they become known vulnerabilities with CAST Highlight’s OSSIDB

Software Composition in Highlight: How Open Source component detection works

 

Additional Resources

CAST Highlight Troubleshooting Guides

CAST Highlight Product Documentation

 

 

Ticket

46665

 

 

 
