Understanding vulnerability details in the Tidelift UI

When a vulnerability is found, the most important question to answer is: what do I do now?

The answer can be complex, depending on the vulnerability, your organization's risk profile, and other priorities your organization may have. With Tidelift, we give you all the vulnerability context in one place so you can make the right decisions for your teams.

Vulnerabilities page 

For each vulnerability, we collect all of the data we have about it in a single view, starting with the data you would find by going to the NIST NVD.

Affected releases

Tidelift uses publicly available data to identify which releases are impacted by a vulnerability. This is summarized in the vulnerability tab. On this page, you will see the full list of vulnerabilities that impact a given release. 

Remediation

With the vulnerability mapped to the affected releases, we provide a simple and clear summary of which versions to use to remove the given vulnerability.

Affected projects 

Once you know what the issue is and how to remediate it, the next question is where the issue exists in your applications. If you are saving alignments in Tidelift, we'll show you a list of projects where an affected release is in use in the latest alignment on the default branch or the last three non-default branches.

Insights from the maintainer

Our partnered maintainers also provide exclusive CVE context for Tidelift subscribers. This information can be used to identify the impact of a vulnerability and help you prioritize when to address the vulnerability. See below for an example of provided maintainer insights:
