Runtime SCA Findings

Runtime SCA Findings show you all the technologies (libraries, frameworks, and server versions) used by a scanned target and highlights which of those technologies are out of date. For each out-of-date technology, Acunetix provides the version number you are using (Identified Version), the latest branch version, and the overall latest version, along with the highest CVSS rating of the vulnerabilities in each version. This information and the recommended action are intended to help you assess the risk for your organization and decide how you will mitigate the risk.

This document explains how to view details of detected out-of-date technologies and how to generate an SCA report.

IMPORTANT: Runtime SCA Findings are only available when you run a Full Scan for a target. If you do not select Full Scan as the Scan Profile, the Runtime SCA Findings tab on the Scan Details page will not display any technologies information.

How to view details of detected out-of-date technologies

Out-of-date technologies are not considered active vulnerabilities (you will not find them in your vulnerabilities list) but rather items of interest picked up by the scanner that may pose a risk to your target due to using an older version. Follow the steps below to view details about the out-of-date technologies detected on a target:

  1. Select Scans from the left-side menu.
  2. Click a Target in the list of scans, ensuring that you select a completed scan that used the Full Scan as the Scan Profile.

  1. Click the Runtime SCA Findings tab on the Scan Details page.

  1. Select a technology listed in the Runtime SCA Findings table.

  1. Review the details of the known issues with the selected technology.
  • The CVSS Score section provides information about the vulnerabilities in each version.
  • If a CVE (Common Vulnerabilities and Exposures) number is listed, click it to view the relevant entry in the National Vulnerabilities Database.  

How to generate a Runtime SCA Report

The Runtime SCA Report can be generated for a particular scan or multiple targets. The report contains all available information about the identified out-of-date technologies. To generate an SCA report, follow the steps below:

 

  1. Select Scans from the left-side menu.
  2. Click the checkboxes on the left to select one or more scans for the report.
  3. Click Generate Report, then select SCA.

  1. The Reports page opens with your SCA Report listed in the table.
  2. From the Download column, select PDF or HTML, depending on your preferred format.

  1. The download begins automatically. Once downloaded, you can open the report file from your downloads folder.


« Back to the Acunetix Support Page