# Vulnerability Explorer Overview (Detailed)

The Vulnerability Explorer is the evidence-linked triage surface that brings together SBOM facts, advisory/VEX evidence, reachability signals, policy explainability, and operator decisions into a single auditable workflow.

This document complements the high-level guide `docs/20_VULNERABILITY_EXPLORER_GUIDE.md` with additional detail and cross-links.

## Core Objects

- **Finding record:** the current enriched view of a vulnerability for a specific artifact/context (tenant, artifact/image digest, policy version).
- **History:** append-only state transitions suitable for audit and replay.
- **Triage actions:** operator actions (assignment, comment, mitigation note, exception request) with provenance.
- **Evidence references:** stable pointers to evidence objects (SBOM slices, VEX observations/linksets, reachability proofs, explain traces, attestations).

## Key Properties

- **Narrative-first:** default view answers “Can I ship? If not, why? What’s the smallest safe change?”
- **Proof-linked:** every important fact links to evidence (no “trust the UI”).
- **Quiet by default, never silent:** suppression/muting is reversible and auditable.
- **Offline-ready:** evidence bundles are verifiable without online lookups.

## References

- High-level guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- Console operator guide: `docs/15_UI_GUIDE.md`
- Module dossier: `docs/modules/vuln-explorer/architecture.md`