# Vulnerability Explorer Using the Console

This document describes the operator workflow for triaging findings in the Console. It is intentionally evidence-first and audit-oriented.

## Workflow (Typical)

1. Start from the findings list filtered to the tenant/environment you care about.
2. Open a finding to review:
   - Verdict and “why” summary
   - Effective VEX status and issuer provenance
   - Reachability/impact signals (when available)
   - Policy gate and explain trace
3. Record a triage action (assign/comment/mitigation/exception) with justification.
4. Export an evidence bundle when review, escalation, or offline verification is required.

## What to Expect in a Finding View

- Clear tenant context and artifact identifiers
- Evidence rail (SBOM, VEX, advisories, reachability, attestations)
- History/timeline of state changes and actions (append-only)
- Copyable identifiers (finding ID, digests, correlation IDs)

## Offline / Air-Gap Notes

- When operating from Offline Kit snapshots, the Console should surface snapshot identity and staleness budgets.
- Evidence bundle export is the primary bridge between online and offline review.

## References

- Console operator guide: `docs/15_UI_GUIDE.md`
- Vulnerability Explorer guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- Offline Kit: `docs/24_OFFLINE_KIT.md`