4. Trace-AI Dependencies

Rajeshwar

Last Update 9 months ago

The Dependencies page in Trace-AI gives a unified view of all open-source and third-party packages used across your projects, helping teams track risk, vulnerabilities, and compliance impact.

1. Accessing the Dependencies Page
Use the sidebar menu to reach “Trace-AI”, then select “Dependencies.” The main table lists all detected packages grouped by project and severity.

2. Understanding the Dependencies Table

  • Package Name: Library or module name (e.g., pillow, next, langchain-community, form-data).

  • Version: Specific package version in use.

  • Ecosystem: Source registry (pypi, npm, etc.).

  • Project Name: Shows which app/repo uses the package.

  • Severity Badges: Critical (C), High (H), Medium (M), Low (L) counts with color indicators.

  • Type: Indicates whether the package is a direct or transitive dependency.

  • Action: 'Details' button opens that dependency’s full profile.

3. Searching, Sorting, Filtering

  • Use the search bar to find packages/CVEs/projects by name.

  • Sort via dropdown by Name, Most Affected, Version, Depth, Vulnerabilities.

  • Filter by severity badge—show only critical, high, or other levels.

4. Interpreting Severity Badges

  • Quickly spot the most urgent risk:

    • Red = Critical

    • Orange = High

    • Yellow = Medium

    • Gray = Low

  • Badge numbers indicate the count of vulnerabilities at each severity.

5. Viewing Dependency Details

Click Details for any package to open a detail view. You’ll see:

  • Metadata: name, version, documentation link, ecosystem, license, home page.

  • Vulnerabilities table: list of known issues by ID, severity, summary, fixed version, first seen date, and CVSS score.

  • Dependents and Dependencies: see what relies on, or is included by, this package.

  • One-click Remediation/Upgrade (if available): quick action to update or fix directly from Trace-AI.

6. Vulnerability Detail Pane

  • Expand a vulnerability to see:

    • Summary and Severity: Why the issue matters.

    • Source links: Direct references to vulnerability databases (osv.dev, NVD, etc.).

    • Aliases: How this issue is represented across trackers (GHSA, CVE IDs).

    • References: All related exploit documentation, patches, and advisories.

    • Last Updated: Date Trace-AI last refreshed fix and exploit data.

7. Severity Breakdown and CVSS Scores

  • CVSS score (e.g., 9.3 Critical) is linked to its official calculator.

  • Understand risk impact using industry-standard metrics.
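The severity badges in section 4 and the CVSS scores in section 7 are related: each badge count is the number of a package's vulnerabilities whose CVSS base score falls in the corresponding qualitative band. The following is an added example, not Trace-AI's own code, that derives the C/H/M/L badges from the CVSS v3.x rating scale, applies a "Most Affected" ordering and a severity filter over a constructed sample of dependency records (the scores are hypothetical, not real advisories).

```python
"""Derive per-package severity badges from CVSS scores (added example)."""
from collections import Counter
from dataclasses import dataclass, field

# CVSS v3.x qualitative severity rating scale (FIRST.org): lower bound per band.
SEVERITY_BANDS = (("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.1))


def cvss_to_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating ("None" for 0.0)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for label, floor in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"


@dataclass
class Dependency:
    name: str
    version: str
    ecosystem: str                                   # pypi, npm, ...
    direct: bool                                     # Type column: direct vs transitive
    cvss_scores: list = field(default_factory=list)  # one score per known vulnerability

    def badges(self) -> dict:
        """Badge counts as shown in the table, keyed C/H/M/L ("None" scores are dropped)."""
        counts = Counter(cvss_to_severity(s)[0] for s in self.cvss_scores)
        return {k: counts.get(k, 0) for k in "CHML"}


def most_affected(deps: list) -> list:
    """'Most Affected' sort: most Criticals first, then High, Medium, Low, then name."""
    def key(d):
        b = d.badges()
        return (-b["C"], -b["H"], -b["M"], -b["L"], d.name)
    return sorted(deps, key=key)


def with_severity(deps: list, badge: str) -> list:
    """Severity filter: keep packages that have at least one issue at this badge level."""
    return [d for d in most_affected(deps) if d.badges()[badge] > 0]


# Constructed sample data standing in for the records Trace-AI would display.
SAMPLE = [
    Dependency("pillow", "9.0.0", "pypi", True, [9.8, 7.5, 5.3]),
    Dependency("form-data", "4.0.0", "npm", False, [9.3]),
    Dependency("next", "13.0.0", "npm", True, [6.1, 3.7]),
]
```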

8. Remediation Actions

  • Where supported, “One-click Remediation/Upgrade” lets you automate dependency upgrades straight from the dashboard.

Best Practices

  • Regularly check dependencies for new vulnerabilities.

  • Pay immediate attention to Critical and High alerts.

  • Review license details to avoid compliance risks.

  • Use sorting/filtering to focus outreach or bug-fix efforts on the most vulnerable areas.
