Vulnerability
The Vulnerability dimension helps you identify and prioritize Common Vulnerabilities and Exposures (CVEs) and non-CVE exposures. Based on ingested vulnerability scan data and your vulnerability priority and risk score settings, Compliance center assesses and prioritizes the vulnerabilities impacting your applications so you know which to address first. Using automation rules, you can automate ticket creation whenever Compliance center identifies a high-priority CVE or exposure.
The Vulnerability dimension supports applications that are automatically discovered from source code repositories. It consolidates vulnerability insights across shared repositories, build artifacts, and runtime environments by using correlated scan and package metadata. Vulnerability visibility is based on scan data associated with repositories, build artifacts, and environments, and reflects the current state of those artifacts in Compliance center. Changes to application associations alone do not remove vulnerability findings unless the related artifacts and their scan data are explicitly cleaned up.
Compliance center identifies vulnerabilities reported against a container image, source repository, or runtime virtual machine (VM). You can find CVE-related information in public databases; however, specific details about non-CVE exposures or security issues are not publicly available. Only the generic classification of the type of exposure, not the specific finding, is known publicly.
Refer to the topics in this section to learn more about mitigating vulnerabilities impacting your applications and environments.