Issues tab

The Issues tab displays all known vulnerability and license discrepancies across your projects, indicating details about each issue and which of your projects is affected. In addition, this area also displays information about which issues can be fixed, and how.

By default, issues are grouped together per issue, similar to the following example:

Get an overview of the general health of your organization on the whole by inspecting the number of projects affected per issue and the number and kinds of issues affecting your projects.

Alternatively, you can ungroup data, viewing a separate line for each project in which the issue occurs—meaning the same issue can appear multiple times if it affects multiple projects. Click the View issues ungrouped or View issues grouped link to toggle between views.

This view is beneficial in providing additional details about:

Each affected project
The recommended course of remediation

This view can be seen in the Elements column below, where all the elements of both views are described

Note

Data in each of the four tabs is displayed based on the filters you've applied from the top of the Reports area, as well as the group or organization that you're viewing from.

Issues tab elements

Just under the Export button, click the View issues ungrouped or View issues grouped link to toggle between views.

The Issues area appears similar to this image when viewing issues ungrouped:

The following table describes the different parts of the Issues area as displayed when viewing issues either grouped or ungrouped:

Element	Description	Possible values
Issue tab badge	The number of issues that you’re currently viewing, based on the filters and searches you used, are displayed on the issues tab.
Severity	The icon of the associated severity for this issue.	High Medium Low
Issue	The full officially recognized name of the issue and a list of all affected packages that are contained by your projects. The issue is linked to the Package page.
Exploit maturity	These values are available: Mature: a published code exploit that can easily be used for this vulnerability is available. Proof of concept: a published, theoretical proof-of-concept or detailed explanation that demonstrates how to exploit this vulnerability is available. No known exploit: neither a proof-of-concept code nor an exploit were found for this vulnerability, or are not publicly available. No data: this value indicates one of the following: The issue is not a vulnerability (but rather, a license issue); The ecosystem is not currently supported by Snyk (Linux); or The project was imported prior to the release of this feature. Reimport the project in order to scan for this data.
Identifiers	All associated CVE identifiers. Each identifier is linked individually to the full official CVE or CWE vulnerability details as relevant.
Project	When viewing issues ungrouped, this is a complete list of all projects affected by the specific issue, and an indicator of the source of the projects. If viewing the issues grouped, this column displays *the number of projects* affected by the issue. Click the sum total of projects to open a side panel on the right, where a list of all affected projects in that grouping is displayed: Details in this view include: Project Status Introduced-date the issue was detected in the project Fixable—whether the issue can be eliminated with an upgrade or patch

Following are the project level details that appear only when viewing issues ungrouped:

Element	Description	Possible values
Status		Open Issues that have not been handled. Fixed Issues for which Fix PRs have been submitted (automatically by Snyk). Patched Issues that have been fixed with Snyk patches. Ignored Issues to which the Ignore policy applies.
Introduced	The date the issue was introduced in the project.
Fixable	Indicates whether a fix is available for the issue.	Patch Issues that can be fixed with a Snyk patch. Upgrade Issues that can be resolved by upgrading the affected package. No Issues for which there is currently no known fix.
Jira issue		When a Jira integration is configured for the project and a Jira issue has been filed against the issue in Snyk, this column displays the Jira key and links to that same issue within Jira.

Issues tab actions

These controls appear above the table:

Search issues—this search capability allows users to search based on CVE, CWE or identifier name (i.e. DDoS). When searching by CVE or CWE, you must provide an exact value (for example CVE-1234) whereas, for identifier name, typing in a piece of the word will return results.

Issue filters—mark the issues to be displayed by selecting specific issue types, exploit maturity, status and fixable values.

Export—click the button to choose which format you’d like to export issue data in:

CSV
Print/generate a preview from the Print dialog box in your local environment. Once you click the initial Print button, in the backend we load all the issues into one page. This process can take a few seconds. Make sure you don’t close your tab/browser or refresh the page while we prepare the document. Once ready, you get a new dialog box informing you that the document is ready to print. Within the print dialog, you select to save as PDF or print directly.

Note

Only 2000 issues can be generated at once. The number of issues you’re currently viewing is displayed on the Issues tab, as described in the Elements table.

View issues ungrouped/View issues grouped—toggle between views. When viewing “grouped”, each issue appears once only, grouping together all affected projects; when viewing “ungrouped”, each issue appears once per project that is affected by it.

Articles in this section

Note

Issues tab elements

Issues tab actions

Note