The risky components page of the application security feature displays risky third-party components used in applications. Such components refer to the dependency packages developed by third-parties and directly obtained over the Internet, such as the third-party dependency libraries used in Maven. The details of risky components include CVE IDS, component versions, and component path.
Risky components may affect the security of applications. Therefore, we recommend that you fix risky components by upgrading them as soon as possible. If a risky component cannot be fixed within a short period of time, set the prevention mode of the application to Monitor and Block. This ensures that the application can intercept a vulnerability when it is used by an attacker.
Go to the Risky Components page
- Log on to the ARMS console.
- In the left-side navigation pane, choose . In the top navigation bar, select a region. By default, the Risky Components page displays the number of vulnerabilities for risky components on all applications.
- Optional:To view the risky components of a single application, you can use one of the following
- Click the All Applications drop-down list at the top of the Risky Components page and select an application.
- In the left-side navigation pane, choose Risky Components column. The Risky Components page appears, displaying the information of risky components of the application. . On the page that appears, find the application and click the number in the
View risky component details
The Risky Component Detection tab displays the total number of vulnerabilities detected by the application security feature, CVE ID, vulnerability severity, vulnerability score, and the version and path of the component. You can filter components by component path, CVE ID, or vulnerability severity to quickly find specified vulnerabilities.
Find a vulnerability and then click View in the Details column. In the panel that appears, you can view the details of the vulnerability and the components and instances involved.