Security Advisor

The Security Advisor in Flyingduck offers a unified interface to help teams proactively search and analyze open-source packages and known vulnerabilities (CVEs) across multiple programming languages and ecosystems.

It is accessible from the sidebar and is divided into two primary sections:


Packages Page

The Packages page allows users to evaluate risks before integrating dependencies into their projects.

Key Capabilities:

  • Search Packages: Use the search bar to look up open-source packages across ecosystems.
  • Select Ecosystem: Choose the package ecosystem (e.g., PyPI, NPM, Composer) from the dropdown menu.
  • Enter Package Name: Input the name of the package to retrieve detailed metadata.

Package Details Displayed:

  • Package description and metadata
  • Latest version available
  • License type
  • Known vulnerabilities across various versions

This feature helps you assess open-source risks before adoption, promoting secure development practices.


CVEs Page

The CVEs (Common Vulnerabilities and Exposures) section is your centralized space for identifying and evaluating publicly known software vulnerabilities.

CVE Search & Analysis:

  • Search by CVE ID: Quickly locate vulnerabilities using standardized CVE identifiers (e.g., CVE-2023-12345).
  • Detailed CVE Insights:
    • Vulnerability description
    • Affected versions of impacted packages
    • Severity scores based on CVSS (Common Vulnerability Scoring System)
    • Remediation or patch guidance

CVE data is enriched by Flyingduck to include contextual risk evaluation, making it more actionable for your codebase.

Repository-Level Traceability

Once your repositories are integrated, Flyingduck provides deeper traceability for each CVE.

When viewing a CVE, you can also:

  • See which repositories are affected
  • Identify impacted branches and folders (projects)
  • Pinpoint specific commit IDs where the vulnerability exists

This traceability allows your team to:

  • Locate and assess exposure across your environments
  • Quickly remediate issues by knowing the exact source and path
  • Reduce mean time to resolution by eliminating guesswork

CVE traceability makes vulnerability management more effective by linking vulnerabilities to their real locations in your repositories.


Why Use Security Advisor?

The Security Advisor provides your team with:

  • A centralized tool to evaluate package risks and CVE threats
  • Ecosystem-wide search support for proactive security analysis
  • Complete visibility into how vulnerabilities impact your codebase
  • Faster, more confident decision-making during development and auditing

The Security Advisor empowers engineering and security teams to work together efficiently on risk assessment and mitigation.