Checking Binary SCA Job Details

Prerequisites

• You have obtained a username and its password to log in to the management console.
• A job has been completed.

Procedure

1. Log in to the CodeArts Governance console.
2. In the navigation pane on the left, choose Software Composition Analysis (SCA) > Binary SCA.
3. Check all jobs.
4. Click a job name to check its report. Alternatively, click View Report in the Operation column of the job. Table 1 lists items on the details page.

   Table 1 Items on the details page

   Item	Description
   Job Info	Basic Info: The file name, file size, feature library version, and platform version are shown. Here presents the results of all scan items in a general way. Component Analysis: the total number of components in the software package and the proportions of components with vulnerabilities, unknown versions, and no vulnerabilities Vulnerability Severity: the total number of vulnerabilities and the proportions of critical, high-risk, medium-risk, and low-risk vulnerabilities Security Configurations: the total number of check items and the proportions of passed, failed, and not-involved check items Open-Source Software Licenses: the statistics of licenses with high, medium, and low risks Key and Info Leakage: the total number of data leakage issues and their distribution Secure Complier Options: the total number of secure complier option issues and their distribution
   Open-Source Software Vulnerabilities	The name, version, license, number of files, and number of vulnerabilities of each component in the scanning job You can filter the list by alphabetical order, component version, or the number of files. You can filter the component list by component name or open-source license.
   Open-Source Software Licenses	The license risks of different severity, including the integration and compatibility risks. Licenses: The license check result of binary file packages. The license name, integration risk, components involved, license description, and risk analysis are displayed. Compatibility: The check result of license compatibility risks in each directory of the binary file package.
   Key and Info Leakage	The check results of the Git addresses, IPs, hard-coded passwords, weak passwords, hard-coded keys, and SVN addresses.
   Secure Complier Options	The description and result of BIND_NOW, NX, PIC check items, and number of files that do not meet the requirements.
   Security Configurations	The check items, issue severity, and results related to credential management, authentication questions, and session management.

   • On the Open-Source Software Vulnerabilities tab page, check the vulnerabilities of each component.

     You can click a component name to check vulnerability details.

     • Click next to object patch to copy it.
       Figure 1 Copying an object path
       
     • Click the CVE vulnerability name to check its details, introduction, fixing solution, reference, and reference link.
   • On the Open-Source Software Licenses tab page, check the result of each license.
   • On the Key and Info Leakage tab page, check the result of each check item.
   • On the Secure Compiler Options tab page, check the result of each check item.
   • On the Security Configurations tab page, check the results related to credential management, authentication questions, and session management.