Manage remediation
In the following, you'll learn how to manage remediation of entities affected by or related to a vulnerability. You can
- Apply fix recommendations from Snyk Third-party vulnerabilities
- Apply fixes from Davis Security Advisor (DSA) Third-party vulnerabilities
- Connect affected entities to your ticketing system and track the remediation progress Third-party vulnerabilities
- Drill down into the source of vulnerabilities
- Change the mute status of vulnerabilities
- Change the mute status of affected entities Third-party vulnerabilities
Apply fix recommendations from Snyk
Third-party vulnerabilities
For vulnerabilities based on the Snyk feed, a fix recommendation is displayed if one is available. It consists of a library upgrade suggestion to solve the vulnerability.
-
On the Prioritization page, select a vulnerability title.
-
On the details page of the vulnerability, look for Fix recommendation.
Make sure to restart processes after upgrading a library.
Apply fixes from Davis Security Advisor
Third-party vulnerabilities
With Davis Security Advisor (DSA), you can determine
-
Which patches and upgrades in the monitored technologies to apply for maximum remediation impact
-
How many vulnerabilities you can solve by updating a specific library
-
How many of the total solvable vulnerabilities are the most severe
-
On the Prioritization page, on the upper-left of the vulnerabilities table, select
Davis Security Advisor. This opens a Davis Security Advisor side window with a list of fixes. -
Select
for the desired library. This filters the vulnerabilities table by the total number of vulnerabilities for a selected library that would be fixed by upgrading the library.- You can add as many DSA filters as you want.
- To remove a filter, select Clear next to the desired library.
Make sure to restart processes after upgrading a library.
Remove filters
To remove filters and return to the previous state of the vulnerabilities table, select Clear all.
Further reading
To learn more about Davis Security Advisor, see Concepts: Davis Security Advisor.
Track remediation progress
Third-party vulnerabilities
On the overview (remediation) page of the process groups and Kubernetes nodes related to a vulnerability, you can add links to tickets created in your issue tracking system for affected entities.
Adding a tracking link allows you to
- Navigate to the associated URL.
- Track the remediation progress of the selected entities. You can easily check, for example, if someone is already working on fixing the vulnerability.
Access the remediation page
There are two ways to access the remediation page, as shown below.
From the Prioritization page
- On the Prioritization page, select
on the left side of a vulnerability to expand the row. - Select View all process groups/View all Kubernetes nodes.
From the details page of a vulnerability
- On the Prioritization page, select a vulnerability title.
- On the details page of the vulnerability, look for Process group overview/Kubernetes node overview.
- Select View all process groups/View all Kubernetes nodes.
Set up tracking links
On the remediation page, you can add, edit, or delete tracking links individually or in bulk.
-
To add link individually, select Set link for the desired entity.
-
To add link in bulk
- Select the desired entities.
- Select Set tracking links.
-
To edit or delete link individually
- Select
next to the tracking link for the desired entity. - Select Update tracking link / Delete tracking link.
- Select
-
To edit or delete link in bulk
- Select the desired entities.
- Select Edit tracking links > Update tracking links/Delete tracking links.
Drill down into the source of vulnerabilities
To fix vulnerabilities you need to find the root cause. You can examine
- Vulnerable components Third-party vulnerabilities
- Entry points Code-level vulnerabilities
- Code location Code-level vulnerabilities
Examine vulnerable components
Third-party vulnerabilities
There are several ways to see information about the vulnerable component:
On the details page of a vulnerability
In the Vulnerable components section, you can get information about the name and description of the libraries containing the identified vulnerability and the number of affected processes.
- On the Prioritization page, select a vulnerability title.
- On the details page of the vulnerability, look for Vulnerable components.
On the Prioritization page
- On the Prioritization page, expand a row for a selected vulnerability.
- Look for Details > Vulnerable component.
On the remediation page
- On the overview (remediation) page of related process groups and Kubernetes nodes, expand a row for an affected entity.
- Look for Details > Vulnerable component.
FAQ
Why is a fixed vulnerability still showing as open.
Further reading
-
To learn more about vulnerable components, see Concepts: Vulnerable component.
-
To understand how Dynatrace evaluates vulnerable components, see Vulnerability evaluation: Third-party vulnerabilities.
Examine entry points
Code-level vulnerabilities
In Entry points you can determine in which ways a vulnerability could be exploited.
- On the Prioritization page, select a vulnerability title.
- On the details page of the vulnerability, look for Entry points.
If the same vulnerability is reachable by multiple HTTP paths, multiple entry point entries are listed. To save memory and network traffic, a limited number of entries is displayed.
If a code-level vulnerability is resolved or is about to be resolved in the next 30 minutes, the entry points are no longer open (vulnerable).
Further reading
To learn more about entry points, see Concepts: Entry points.
Examine code location
Code-level vulnerabilities
In Code location you can see the location where the vulnerable function is called from.
You have two options to navigate there.
On the Prioritization page
- Expand a row for a selected vulnerability.
- Look for Code location.
On the details page of a vulnerability
- On the Prioritization page, select a vulnerability title.
- On the details page of the vulnerability, look for Vulnerability details > Code location.
Change the mute status of vulnerabilities
With the Change status option, you can mute (silence) or unmute vulnerabilities according to your findings and needs. For example, you can
- Ignore vulnerabilities that are less important and focus on what matters
- Mute a resolved vulnerability to stop monitoring it if it's reopened
- Unmute a vulnerability that turns out to be important
Muted vulnerabilities don't appear in the vulnerabilities table unless you filter for them.
You can change the status of vulnerabilities individually or in bulk.
Change the mute status of affected entities
Third-party vulnerabilities
With the Change status option, you can mute (silence) or unmute affected entities according to your findings and needs. For example, you can mute an affected entity if you wish to ignore the vulnerability for this particular entity:
- It could be a false flag, meeting some additional conditions that make the vulnerability irrelevant.
- Or maybe there’s no remediation available and a workaround has been applied.
Muted vulnerabilities and affected entities don't appear in the vulnerabilities table unless you filter for them.
You can change the status of affected entities individually or in bulk on the overview (remediation) page of the process groups and Kubernetes nodes related to a vulnerability.
