Managing Vulnerabilities
In this How To section, we'll cover how to view, assess, and manage vulnerabilities found in your applications by N|Solid.
Understanding Vulnerabilities
Having vulnerabilities reported in your code does not necessarily mean your application is insecure, but each report marks an area that requires your attention. Evaluate every vulnerability and follow the update instructions so that your application stays secure and up to date.
Types of Vulnerabilities
- Critical Vulnerabilities: These require immediate attention as they can be exploited with minimal effort and can have severe consequences.
- High Vulnerabilities: These are serious issues that should be addressed promptly to prevent potential exploitation.
- Medium Vulnerabilities: These are less severe but still need to be evaluated and fixed in a reasonable timeframe.
- Low Vulnerabilities: These have a lower risk but should not be ignored, especially if they can be easily resolved.
Evaluating Vulnerabilities
When a vulnerability is identified, assess its impact on your application:
- Review the details: Understand the nature of the vulnerability and how it can affect your application.
- Check the context: Consider where the vulnerability exists in your code and the likelihood of it being exploited.
- Determine the priority: Based on the severity and impact, prioritize which vulnerabilities to address first.
Managing and Mitigating Vulnerabilities
Updating Dependencies
Whenever possible, follow the update instructions provided to fix the security vulnerabilities. Regularly update your dependencies to benefit from the latest security patches.
Temporary Solutions
If you cannot fix a vulnerability immediately, for example because it lives in a downstream dependency you do not control, consider the following temporary measures:
- Apply Workarounds: Identify and apply any recommended workarounds that can mitigate the risk until a permanent fix is available.
- Isolate the Vulnerability: If feasible, isolate the affected component to limit its potential impact.
- Monitor the Vulnerability: Keep a close eye on the vulnerability for any updates or changes in its status.
- Limit Exposure: Restrict access to the vulnerable component to trusted users only.
Downstream Dependencies
For vulnerabilities in downstream dependencies:
- Check for Updates: Regularly check if the maintainers of the dependency have released a fix.
- Raise an Issue: If a fix is not available, raise an issue with the maintainers, providing details of the vulnerability.
- Consider Alternatives: Evaluate if there are alternative libraries or solutions that can replace the vulnerable dependency.
Further Information
For detailed information on what N|Solid scans for and how it detects security issues, see our section on Security Vulnerabilities.