Vulnerabilities tab
Updated:2024-12-06 SBOM Central
The Vulnerabilities tab contains an index page listing all vulnerabilities detected for this SBOM.
Sections in the page:
- Filter row
- Filter buttons
- Summary
- Vulnerabilities table
Filter row
| Filter by | Description |
|---|---|
| Search | Search the Name of an artifact or CVE-id. |
| Backend | Filter by backend data provider: NVD or OSV. |
| Analyzed | Filter on: analyzed. |
| Missing alias | Filter on Missing alias, i.e. OSV and NVD are not in sync regarding analtytics. |
| Action | Filter on decided action: fix/don't fix |
| Due date | Filter on due dates: 1Month/2 Months/3 Months |
| Usage | Deliverable, Compile time, Runtime, Test. |
Filter buttons
- Only vulnerable (default): Show all Vulnerabilities with a priority. A vulnerability analysis and decision resulting in "Not vulnerable", "Fixed", etc. should be set to Priority = "None".
- All: Show all vulnerabilities regardless of priority.
Summary
Shows the number of Vulnerabilities for each Priority.
- Grey = None
- Light blue = Low
- Green = Medium
- Orange = High
- Red = Critical
Vulnerabilities table
A listing of all vulnerabilities identified in this build.
| Header | Description |
|---|---|
| Identifier | Vulnerability identity, CVE-id or other, and a link to the local vulnerability show page containing detailed information and analysis tools. |
| Priority | Priority set by a manual decision or by an automated rule. |
| Added date | Date when the vulnerability was added to the WebApp. |
| Analysis | The result of a analysis. |
| Action | Decided action. |
| Due date | The due date (if any) |
| Artifact | Name of the artifact and link to the detailed artifact info , in package url format. About package url (external link). |
| Artifact status | Health status for the artifact. |
| Used in | Deliverable, Compile time, Runtime, Test. |