Configure Project Version Management

Project version management enables Seeker to automatically detect the application version and assign the detected vulnerabilities to this version.

Configure how Seeker should detect the application version.

  1. In the main menu, click (Projects) and open a project that you want to configure.
  2. Click Features.
  3. Toggle the Enabled switch for Project Version Management on.
  4. Click Configure.
Default project version in dashboards
  1. Choose which project versions to display by default in the project dashboards. The options are: All (default), Latest, or Specific versions to choose one or more versions.
Version detection strategy
  1. From the dropdown list, choose a version detection strategy that fits the application's technology, and enter the variable or file name/path from which to collect the project's version:
    PropertyDescription
    Environment Variable Collect the version from an environment variable known to the process. Default: SEEKER_PROJECT_VERSION
    Java System Property Collect the version from a -Dkey=value JVM property. Default: seeker.project.version
    Java Manifest (Java only) Collect the version from a MANIFEST.MF file stored in a JAR file. Enter an absolute path pointing to the JAR file containing the relevant MANIFEST.MF file. Enter the manifest attribute name. Default: Implementation-Version
    Properties File (Java only) Collect the version from a .properties file. Enter an absolute Properties file path of the .properties file that contains the version property and the Property name value.
    Assembly (.NET Core/.NET Framework only) Collect the version from an assembly version attribute. Enter an assembly name without extension.
    Package JSON (Node.js only) Collect the version from the standard package.json file.
    Custom Collect the version from a custom implementation that is accessible for the Agent. Enter a fully qualified name of Java class or Node.js module or a full .NET type name that contains a public String getAppVersion() method returning the version.
  2. Tell Seeker how to recognize the latest version of your project.

    Version names are usually numerical strings that increase consistently with every version, but they can also use a commit hash or similar alphanumeric data that doesn't indicate the order of the releases. If you use non-ordinal release names, Seeker can use the creation date to determine which release is the newest.

    From the pulldown menu, choose the option that corresponds to release naming in your project:

    OptionDescription
    Version name (string comparison) Choose if your version names are sequential strings, such as 2024.1, 2024.2, etc.
    Version creation date (date comparison) Choose if your version names are non-sequential, as with commit hashes.
  3. Click Test strategy to display the results of version detection according to the defined strategy.
Fix confirmation
  1. Select Enable automatic fix confirmation.
    Instruct Seeker to confirm that a vulnerability has been fixed by automatically setting its status to Fixed for each new version of the project.

    For more information about automatic status changes, see Vulnerability Lifecycle Management.

  2. Save your changes.