Application Security Platform
Scan Optimization and Troubleshooting

Runtime SCA findings

This document is for:
Invicti Platform

Runtime SCA Findings show you all the technologies (libraries, frameworks, and server versions) used by a scanned target and highlight which of those technologies are out of date. For each out-of-date technology, Acunetix provides the version number you are using (Identified Version), the latest branch version, and the overall latest version, along with the highest CVSS rating of the vulnerabilities in each version. This information and the recommended action are intended to help you assess the risk for your organization and decide how you will mitigate the risk.

This document explains how to view details of detected out-of-date technologies and how to generate an SCA report.

Runtime SCA findings are only available when you run a full scan for a target. If you do not select full scan as the Scan profile, the Runtime SCA findings tab on the Scan details page will not display any technology information.

Inspect identified outdated technologies

Out-of-date technologies are not considered active vulnerabilities (you will not find them in your vulnerabilities list) but rather items of interest picked up by the scanner that may pose a risk to your target due to using an older version.

Follow the steps below to view details about the out-of-date technologies detected on a target:

  1. Select Scans > All scans from the left-side menu.
  2. Click on one of the scan, ensuring that you select a completed scan that used the Full Scan as the Scan Profile.

  1. Click the Runtime SCA findings tab on the Scan Details page and select one of the listed technologies.

  1. Review the details of the known issues with the selected technology.
  • The CVSS Score section provides information about the vulnerabilities in each version.
  • If a CVE (Common Vulnerabilities and Exposures) number is listed, click it to view the relevant entry in the National Vulnerabilities Database.  

Generate a Runtime SCA report

The Runtime SCA Report can be generated for a particular scan or multiple targets. The report contains all available information about the identified out-of-date technologies. To generate an SCA report, follow the steps below:

 

  1. Select Scans > All scans from the left-side menu.
  2. Click the checkboxes on the left to select one or more scans for the report.
  3. Under Bulk actions, select Export to, then select SCA.

  1. The Reports page is updated with your SCA Report listed in the table.
  2. From the Download column, select PDF or HTML, depending on your preferred format.

  1. The download begins automatically. Once downloaded, you can open the report file from your downloads folder.


Share This Article