How Does it Work?
Enabling/Disabling Contextual Analysis
Vulnerability Contextual Analysis is disabled by default for new artifacts in all resources that are marked for indexing by Xray. To enable, do the following:
- Navigate to the Administration module, go to Xray | Settings | General and click Indexed Resources.
- Select the repository or build and select Configure.
- Enable the Vulnerability Contextual Analysis option.
Contextual Analysis is applied on new scans only, and not on existing scans. The analysis will run on indexed resources, however, it will not run on the Index Artifacts History. For more information, see Indexing Xray Resources.
Take note that in some cases, as deep scanning is involved, the scan might take longer to complete.
Contextual Analysis Statuses and Results
Once an artifact is indexed in Xray as part of a single upload, build or Release Bundle, Xray will validate if the artifact contains vulnerabilities that are considered to have a very high impact. If such vulnerabilities are found, Xray will run the contextual analysis and retrieve the contextual analysis results. The results consist of the following:
Vulnerability Contextual Analysis Statuses
- Not applicable: The vulnerability is not applicable
- Applicable: The vulnerability is applicable
- Undetermined - not triggered: An admin needs to enable this feature.
- Undetermined – analysis in progress: If Xray is in the process of analyzing the vulnerability applicability, it is indicated in the vulnerability details as analysis in progress.
- Undetermined - inconclusive: Xray was unable to determine if the vulnerability is applicable or not.
- Undetermined - no scanner: An applicability scanner for this vulnerability is not available.
Vulnerability Contextual Analysis Results
The contextual analysis results can be accessed from Scans List.
REST API Support
The following REST APIs are supported for the Contextual Analysis feature:
- Artifact Summary - Applicability information was added to each issue.
- Build Summary - Applicability information was added to each issue.
- Get Violations - Applicability information was added to each violation.
- List Ignored Violations - Applicability information was added to each violation.
- Scan Build V1 - Applicability information was added to each alert.
Get Repositories Configurations: Added a new parameter
true or false. Only if feature is enabled and it is possible to enable or disable it per repository.
- Update Repositories Configurations - Added the option to enable or disable Contextual Analysis per repository with the parameter
true or false.