
Security Vulnerability Reporting

This release provides the following enhancement to Code Insight's reporting of security vulnerabilities found in open-source or third-party components.

Enhanced Security Vulnerabilities Window to Display Single Record for Duplicate Vulnerabilities

The Security Vulnerabilities window, which opens when you click a Vulnerabilities bar graph for a specific component or inventory item, now displays each advisory vulnerability together with all of the CVE (Common Vulnerabilities and Exposures) vulnerabilities it references as a single vulnerability record.

With this enhancement, Code Insight merges advisory vulnerabilities and the CVE vulnerabilities they reference, which were previously shown as duplicate entries, into a single unified record in the Security Vulnerabilities window. This gives a more accurate vulnerability count, removes redundancy, and provides a consolidated view.

In addition, the total count displayed in the Vulnerabilities bar graph is the number of advisory vulnerabilities listed in the Security Vulnerabilities window for the selected component version; the CVEs referenced by those advisories are not included in this count.
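The consolidation described above, as an added illustration written for this page (not Code Insight's own code or data format): raw records for one component version are folded so that each advisory carries the CVE entries it references, duplicate CVE rows disappear, and the bar-graph count covers advisories only. The record layout, the identifiers (ADV-EXAMPLE-*, CVE-2024-*) and the handling of a CVE that no advisory references are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample records for one component version (illustrative data,
# not Code Insight output). Each raw record is either an advisory referencing
# one or more CVE ids, or a bare CVE entry that duplicates an advisory's reference.
RAW_VULNERABILITIES = [
    {"id": "ADV-EXAMPLE-1", "kind": "advisory", "severity": "high",
     "references": ["CVE-2024-0001", "CVE-2024-0002"]},
    {"id": "CVE-2024-0001", "kind": "cve", "severity": "high", "references": []},
    {"id": "CVE-2024-0002", "kind": "cve", "severity": "medium", "references": []},
    {"id": "ADV-EXAMPLE-2", "kind": "advisory", "severity": "critical",
     "references": ["CVE-2024-0003"]},
    {"id": "CVE-2024-0003", "kind": "cve", "severity": "critical", "references": []},
    # A CVE that no advisory references; the page does not say how Code Insight
    # treats this case, so here it is kept as its own record (assumption).
    {"id": "CVE-2024-0099", "kind": "cve", "severity": "low", "references": []},
]


@dataclass
class UnifiedRecord:
    id: str
    kind: str                                  # "advisory" or "cve"
    severity: str
    cves: list = field(default_factory=list)   # referenced CVEs folded in


def consolidate(records):
    """Fold each advisory and the CVE entries it references into one record.

    Duplicate CVE rows disappear; a referenced CVE that has no standalone row
    is still listed under its advisory with severity "unknown".
    """
    by_id = {r["id"]: r for r in records}
    referenced = set()
    unified = []
    for adv in (r for r in records if r["kind"] == "advisory"):
        cves = []
        for ref in adv["references"]:
            referenced.add(ref)
            row = by_id.get(ref)
            cves.append({"id": ref, "severity": row["severity"] if row else "unknown"})
        unified.append(UnifiedRecord(adv["id"], "advisory", adv["severity"], cves))
    # Keep CVEs that no advisory referenced (assumption, see sample data above).
    for r in records:
        if r["kind"] == "cve" and r["id"] not in referenced:
            unified.append(UnifiedRecord(r["id"], "cve", r["severity"]))
    return unified


def bar_graph_count(unified):
    """Count shown on the Vulnerabilities bar graph: advisories only; the CVE
    references folded into them are not counted."""
    return sum(1 for u in unified if u.kind == "advisory")


if __name__ == "__main__":
    merged = consolidate(RAW_VULNERABILITIES)
    for u in merged:
        print(u.id, u.kind, u.severity, [c["id"] for c in u.cves])
    print("raw rows:", len(RAW_VULNERABILITIES), "bar graph count:", bar_graph_count(merged))
```

Running it shows the six raw rows collapsing to three unified records, with a bar-graph count of 2: the two advisories, with their three referenced CVEs nested underneath rather than counted separately.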

Note:

If you are upgrading from a 2025 R3 or earlier Code Insight release to the 2025 R4 Code Insight release, existing vulnerabilities are managed automatically based on the relationships between advisory vulnerabilities and CVE vulnerabilities. During the upgrade, Code Insight ensures consistency by updating suppression and analysis records as needed for advisory vulnerabilities and the CVE vulnerabilities they reference. For more information, see Security Vulnerabilities After Upgrade.