# Vuln Explorer overview

Purpose
- Provide a VEX-first, evidence-linked view of findings.
- Preserve deterministic history for audit and replay.
- Support offline exports and signed bundles.

Core concepts
- Findings are enriched with policy verdicts, VEX status, and reachability.
- History and actions are append-only with hashes for tamper evidence.
- Findings link to advisory and SBOM identities through stable identifiers.

Roles and scopes
- vuln:view for read-only access.
- vuln:investigate and vuln:operate for actions and remediation.
- vuln:audit for audit exports and history.

Offline and export
- Offline bundles include findings, history, actions, and signatures.
- Exports are deterministic and include manifest hashes.

Related references
- docs/vuln/explorer-overview.md
- docs/vuln/findings-ledger.md
- docs/modules/vuln-explorer/architecture.md