OSS Patches
The OSS Patches page on Strobes provides a centralized view of all vulnerable open-source packages across your organization, along with the tools needed to take swift remediation actions.
This guide walks you through everything you need to understand and manage OSS patches effectively, from identifying issues to creating remediation tickets.
Overview of the Patches Page
Here’s a breakdown of the key fields displayed on the Patches page:
- Vulnerable Packages: Lists all vulnerable open-source packages identified in your organization (typically by package name and version). Each entry represents a package that has one or more known security issues.
- Affected Assets: Shows the list of assets (applications, repositories, containers, etc.) that include the vulnerable package. This helps you see where the vulnerable component is deployed or used.
- Fixed Version: Indicates the highest available version of the package that resolves all known vulnerabilities in that package. This is the recommended version to upgrade to in order to patch multiple issues at once (the platform determines this by selecting a version that will fix all associated findings for the package).
- Findings Count: The number of vulnerability findings associated with that package. This count reflects how many instances or identified issues involve the package across assets. A higher number could mean multiple vulnerabilities or occurrences, highlighting a more widespread or severe issue.
- Ticket ID: If a remediation ticket (e.g. a Jira ticket) has been created for this package, this column displays the ticket’s ID (such as the Jira issue key). This lets you track whether a fix is already in progress. If no ticket exists, it may be blank or “–”.
- Create Ticket: An action column that allows you to create a new ticket for the. You can create tickets individually for each package, or select multiple packages and use a bulk ticket creation feature. (See How to Create Tickets below for details.)
Objective
Use the OSS Patches page to:
- Quickly identify and assess risk across vulnerable OSS packages.
- View fix recommendations.
- Automate ticket creation for remediation workflows.
How to Create Remediation Tickets
You can raise tickets for OSS vulnerabilities directly from the Patches page. Follow the steps below:
Step-by-Step Instructions
1. Go to the OSS Patches Page
- Navigate to Vulnerability Management > OSS > Patches.
2. Select the Vulnerable Packages
- You can either:
  - Click the Create Ticket button next to a single package to raise a ticket individually.
  - Or select multiple packages using the checkboxes and click Create Ticket at the top of the list to raise tickets in bulk.
3. Configure the Ticket Details
- In the Jira Configuration window that appears:
  - Choose the appropriate Jira project, issue type, and priority.
  - Ensure the correct mappings for fields like summary, description, and assignee (based on your integration setup).
4. Submit the Ticket
- After confirming the configurations, click Submit.
- Strobes will create tickets in your Jira instance based on the selected packages.
Important Note:
- When you create a ticket for a package, Strobes will automatically suggest the highest available fixed version to resolve multiple vulnerabilities in one go.
- Each selected package will have one Jira ticket created by default, unless configured otherwise in your Jira integration settings.