Skip to main content
The Advisories page lets you view the vulnerability announcements related to the projects you’ve added to your Semgrep organization and helps you identify all findings related to a specific advisory.
PREREQUISITEAt least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See Scan third-party dependencies.

View advisories

To see the advisories relevant to your Semgrep organization: You can use the filters available to narrow down the results displayed:

Advisory details

For each advisory listed, you can click the entry to view additional details, including:
  • A description
  • Reference links
  • The rule Semgrep uses to match your code
  • Affected projects

Identify findings associated with an advisory

You can use the Advisories page to see if any of your projects are affected by a specific incident:
3
Using the filter, provide the relevant CVE or keywords.
4
Click the advisory in the results list to open up the Details page.
5
Go to Affected projects.
For each affected project, Semgrep displays the number of findings associated with the advisory on each branch. Click the displayed number to go to the Findings page, where you can review and manage these issues.