Viewing Scans List
To view the Scans List:
- Log in to the platform.
- Click the Application tab, and the Security & Compliance button.
- Click Scans List.
The Scans List screen appears. From here, you can:
- Navigate between various tabs and view Xray scan reports for Repositories (default), Builds, Release Bundles, and Packages.
- Click any of the rows to view detailed information for each scan report.
Scan Results
On the scan details page, click any of the rows. The resulting page provides information about Violations, Security, and Components. To learn more about the information contained in each tab, see Analyzing Resource Scan Results.
The following sections describe the Xray Data sub tabs displaying the Packages resource as an example.
Violations
Displays the violations detected on the package version, based on the watches and associated policies set by users. Violations are reported only for the root component, not for its dependencies. You can view the vulnerability severity, type, and the associated policies. To view a component and its dependencies, click the Component icon. In some cases, when violations are detected, security or legal personnel may want to accept some of these violations or add them to an Allow List. For more information, see Ignore Rules.
Security Issues
Displays the known CVEs for the selected package version, together with the affected versions and the fixed versions that do not contain the CVE.
Components
Displays the licenses assigned to a specific version and triggers violations if a license matches the criteria of any existing Watches.
Searching and Filtering
On all tabs, you can search and filter the scans list to quickly find specific items. For example, the Repositories list can be filtered by creation date and indexed artifacts.
Exporting Xray Data
For each item in the scans list, you have the option of exporting the Scan Results to CSV, PDF, and JSON formats. In addition, you can export the Xray data as an SBOM report using one of the two supported SBOM formats, SPDX and CycloneDX. The exported data will include full details for the selected component, including policy violations, CVEs, and more.
To export data:
- Hover over an item and click the Action icon.
The Export Scan Data window appears.
- Click to select:
  - The relevant security data.
  - The export format.
- Click Export.
The file is downloaded to your local drive.
You can also automate exporting component details using the Export Component Details REST API endpoint.
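Once an SBOM has been exported, the CVE data in it can be triaged outside the UI. The following is an added example, not code from the original page or from JFrog; it assumes the export was saved as CycloneDX JSON with a top-level `vulnerabilities` array (CycloneDX 1.4 or later), and the function names and sample data are constructed for illustration.

```python
import json

# CycloneDX severity names, lowest to highest.
SEVERITY_ORDER = ["unknown", "none", "info", "low", "medium", "high", "critical"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

def summarize_cyclonedx(bom: dict) -> list:
    """Return one finding per vulnerability, worst severity first."""
    # Map bom-ref -> "name@version" so 'affects' refs can be resolved.
    names = {}
    for comp in bom.get("components", []):
        ref = comp.get("bom-ref")
        if ref:
            names[ref] = f"{comp.get('name', '?')}@{comp.get('version', '?')}"
    findings = []
    for vuln in bom.get("vulnerabilities", []):
        # A vulnerability may carry several ratings; keep the worst one.
        sevs = [str(r.get("severity", "unknown")).lower() for r in vuln.get("ratings", [])]
        worst = max(sevs, key=lambda s: RANK.get(s, 0), default="unknown")
        if worst not in RANK:  # unrecognised label in the export
            worst = "unknown"
        # Keep the raw ref when the affected component is not listed in the BOM.
        affected = [names.get(a.get("ref"), a.get("ref")) for a in vuln.get("affects", [])]
        findings.append({"id": vuln.get("id", "?"), "severity": worst, "affects": affected})
    findings.sort(key=lambda f: (-RANK[f["severity"]], f["id"]))
    return findings

def exceeds(findings: list, threshold: str) -> bool:
    """True if any finding is at or above the threshold severity (usable as a build gate)."""
    return any(RANK[f["severity"]] >= RANK[threshold] for f in findings)

# Constructed sample, not real Xray output; CVE ids and package names are placeholders.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.4",
 "components": [
  {"bom-ref": "pkg:npm/example-lib@1.0.0", "name": "example-lib", "version": "1.0.0"},
  {"bom-ref": "pkg:npm/example-util@2.3.1", "name": "example-util", "version": "2.3.1"}],
 "vulnerabilities": [
  {"id": "CVE-0000-0001", "ratings": [{"severity": "medium"}, {"severity": "high"}],
   "affects": [{"ref": "pkg:npm/example-lib@1.0.0"}]},
  {"id": "CVE-0000-0002", "ratings": [], "affects": [{"ref": "pkg:npm/unlisted@0.1.0"}]},
  {"id": "CVE-0000-0003", "ratings": [{"severity": "critical"}],
   "affects": [{"ref": "pkg:npm/example-util@2.3.1"}]}]}
""")

if __name__ == "__main__":
    for f in summarize_cyclonedx(SAMPLE):
        print(f"{f['severity']:<9}{f['id']:<15}{', '.join(f['affects'])}")
```

To run it against a real export, replace `SAMPLE` with `json.load(open(path))` for the downloaded file.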
REST API Support
The following REST APIs support the Scans List feature.
- Get Repositories
- Get Artifacts
- Get Builds
- Get Build Versions
- Get Packages
- Get Package Versions
- Get Release Bundles
- Get Release Bundle Versions