# Solve a vulnerability

Here, we show how to list all vulnerabilities for a repository and how to resolve them.

To see the list of all vulnerabilities for a repository, click the repository name in the "Repositories" view.


In this case, a single vulnerability is detected, with a high severity score of 9.8. Click on the name of the vulnerability, "CVE-2018-18074", to see details about the vulnerability.

  • Through analysis, we conclude that our application is indeed affected by this vulnerability. We mark this by clicking on "Flag as vulnerable".
  • Next, we need to take action to solve the issue. Click "Suggested fix" to view a possible solution.


For more information about the details view, see here.

The next step is to update the dependency file.

  • Update the package via the package manager, in this case pip: pip install 'requests>=2.20.0'
  • Upload the new commit containing the change:
      • Using integrations, just commit and push the updates
      • Using manual upload, see below
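Running pip install changes the installed package, not the dependency file the scanner reads, so it is worth confirming the file itself no longer admits a pre-2.20.0 release of requests before uploading it. The following check is an added example, not part of the original guide or the product. It assumes a requirements.txt-style file; the function names and the sample file contents are constructed for illustration.

```python
import re

FIXED = (2, 20, 0)  # first fixed release of requests, per the suggested fix above

# Constructed sample dependency file (not from the original page).
SAMPLE = """\
# web client
requests==2.19.1
Requests[security]>=2.18,<3   # extras and upper bounds are common
requests-oauthlib==1.0.0
requests>=2.20.0
requests
"""

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# Assumption: only the numeric release part is compared; pre-release tags are ignored.
_CLAUSE = re.compile(r"^(===|==|~=|>=|>)\s*(\d+(?:\.\d+)*)")

def _release(text):
    """Numeric release tuple, padded to three parts: '2.20' -> (2, 20, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def guarantees_fixed(specifiers, fixed=FIXED):
    """True if at least one clause forces the resolved version to be >= fixed."""
    for clause in specifiers.split(","):
        m = _CLAUSE.match(clause.strip())
        if m and _release(m.group(2)) >= fixed:
            return True
    return False

def unfixed_lines(requirements_text, package="requests", fixed=FIXED):
    """Return (line_number, line) pairs that still allow a pre-fix version."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        m = _REQ.match(line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
        if name == package and not guarantees_fixed(m.group(2), fixed):
            findings.append((number, raw.strip()))
    return findings

if __name__ == "__main__":
    for number, line in unfixed_lines(SAMPLE):
        print(f"line {number}: {line}  (allows requests < 2.20.0)")
```

An unpinned or range-pinned entry is reported because it permits a vulnerable version even if the current environment happens to have a fixed one installed.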

Once scanning is completed, the repository should no longer have a vulnerability, marked by a 0 in the tab "Total Vulnerabilities".


Good job! You made it. Solving vulnerabilities is not always this easy, though. For an in-depth tutorial on how to evaluate vulnerabilities and secure your products, read our guide on Evaluating vulnerabilities.

# Manual upload

To manually create a new commit for a repository and apply the corresponding dependency file, perform the following steps.

  • Under the "Manage" tab, click "Manage dependency files"
  • Choose the updated dependency file
  • Apply it to the repository
  • Apply it to a new commit
  • Wait for analysis to complete
