View Python package vulnerabilities

This page describes how you can view the vulnerabilities in Python packages that were detected by Notebook Security Scanner.

Filter package vulnerability findings

For Notebook Security Scanner, you can filter the package vulnerability findings by using the category, source display name, severity, and project ID.

  1. Go to the Security Command Center Findings page.


  2. In the project selector, select the project or organization for which you need to view the package vulnerability findings.

    The Findings page displays findings only for the project or organization that you selected.

  3. In the Quick filters section, select one or more of the following:

    • In the Category section, select Package vulnerability.
    • In the Project ID section, select your project ID.
    • In the Source display name section, select Notebook Security Scanner.
    • In the Severity section, select the required severity value.

    The Findings page displays a list of findings that match the type you selected.

View older package vulnerability findings

By default, the Security Command Center Findings page displays only active package vulnerability findings that are less than seven days old.

If you want to view package vulnerability findings that are older than seven days and have not been addressed, do the following:

  1. Go to the Security Command Center Findings page.


  2. In the project selector, select the project or organization for which you need to view the package vulnerability findings.

    The Findings page displays findings only for the project or organization that you selected.

  3. In the Time range list, select the required time range.

    You can also add more filters such as Source display name and Category.

  4. If you want to view the package vulnerability findings that are published after a particular timestamp, do the following:

    1. Click Edit Query.
    2. In the Query Editor, add a condition on create_time and parent_display_name.

      The following example query displays the active package vulnerability findings that were created after 2024-07-16.

      state="ACTIVE"
      AND NOT mute="MUTED"
      AND parent_display_name="Notebook Security Scanner"
      AND create_time > "2024-07-16"
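The same conditions can be applied to finding records that you have already exported, for example to triage them in a script. The following Python code is an added example, not part of the original page or of any Google Cloud tooling. It assumes that each record is a Finding object with the API's camelCase JSON field names and that a bare date means midnight UTC; the sample records and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

SCANNER = "Notebook Security Scanner"

# Constructed sample records (not real findings). Assumed shape: Finding
# objects with the API's camelCase JSON field names.
SAMPLE = [
    {"name": "f-1", "state": "ACTIVE", "mute": "UNDEFINED",
     "parentDisplayName": SCANNER, "createTime": "2024-07-20T08:15:00Z"},
    {"name": "f-2", "state": "ACTIVE", "mute": "MUTED",
     "parentDisplayName": SCANNER, "createTime": "2024-07-21T10:00:00Z"},
    {"name": "f-3", "state": "INACTIVE", "mute": "UNDEFINED",
     "parentDisplayName": SCANNER, "createTime": "2024-07-22T09:30:00Z"},
    {"name": "f-4", "state": "ACTIVE", "mute": "UNMUTED",
     "parentDisplayName": SCANNER, "createTime": "2024-07-10T12:00:00Z"},
    {"name": "f-5", "state": "ACTIVE", "mute": "UNDEFINED",
     "parentDisplayName": "Other source", "createTime": "2024-07-23T07:45:00Z"},
]


def parse_time(value):
    """Parse an RFC 3339 timestamp, or a bare date as in the query, as UTC."""
    if len(value) == 10:  # "YYYY-MM-DD": assumed to mean midnight UTC
        value += "T00:00:00Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_open_scanner_finding(f):
    """state="ACTIVE" AND NOT mute="MUTED" AND parent_display_name=SCANNER."""
    return (f.get("state") == "ACTIVE" and f.get("mute") != "MUTED"
            and f.get("parentDisplayName") == SCANNER)


def created_after(findings, cutoff):
    """Names of open scanner findings with create_time > cutoff."""
    limit = parse_time(cutoff)
    return [f["name"] for f in findings
            if is_open_scanner_finding(f) and parse_time(f["createTime"]) > limit]


def older_than(findings, days, now):
    """Names of open scanner findings created more than `days` before `now`."""
    limit = now - timedelta(days=days)
    return [f["name"] for f in findings
            if is_open_scanner_finding(f) and parse_time(f["createTime"]) < limit]


if __name__ == "__main__":
    now = datetime(2024, 7, 24, tzinfo=timezone.utc)  # fixed so output is stable
    print(created_after(SAMPLE, "2024-07-16"))
    print(older_than(SAMPLE, 7, now))
```

The first call mirrors the example query; the second selects the findings that the default seven-day view would no longer show.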
      
