Workflow: Mitigating vulnerabilities with Concert
When you upload a vulnerability scan file, IBM® Concert evaluates your application landscape to determine whether a known vulnerability or CVE (Common Vulnerabilities and Exposures) impacts your application components. If it does, Concert can automatically create a ticket in your third-party ticketing system and assign it to the relevant person to ensure that it is addressed.
You can upload a vulnerability scan as a CSV, XLSX, or XLS file, or as a VDR file in CycloneDX format.
Before you begin
- Consider setting up automation rules before importing vulnerability scan data so that Concert can automatically create and assign tickets in your third-party issue tracking system and prioritized CVEs are addressed more efficiently.
Step 1: Import vulnerability data to Concert
Using Prisma Cloud, CycloneDX, or another vulnerability scanning tool, you can generate a vulnerability scan file in one of the three supported formats, then upload the file to Concert to assess and prioritize CVEs impacting your applications and environments.
Refer to Supported vulnerability scan formats for details about all supported formats.
Step 2: Review the impact of CVEs on your applications and environments
You can identify CVEs impacting your application components or environments from the Arena view or by going to .
- Select the Arena view from the main navigation for an interactive view of your application topology.
- Enable the toggle switch next to Prioritized CVEs to see high-priority CVEs and the impacted application components.
  Tip: Hover over the CVE to highlight the scope of impact across your global application topology. Click the node to learn more about the impacting CVE.
- Select .
- Select a CVE from the list to view details and impacted applications.
Per Application or Environment
Step 3: Open a ticket in your third-party tracking tool
Follow the instructions to create a ticket within your organization’s third-party ticketing system.
- Next to an impacted entity, click Open ticket.
- Select the appropriate ticketing system: GitHub, Jira, or ServiceNow.
- Select a previously established connection with the third-party system from the drop-down menu.
- Complete the form fields based on the selected third-party ticketing system.
- Under Ticket details, edit the title and body of the ticket.
- Provide the username of the person to whom to assign the ticket.
- Click Open.