Vulnerability Explorer Overview (Detailed)
The Vulnerability Explorer is the evidence-linked triage surface that brings together SBOM facts, advisory/VEX evidence, reachability signals, policy explainability, and operator decisions into a single auditable workflow.
This document complements the high-level guide docs/VULNERABILITY_EXPLORER_GUIDE.md with additional detail and cross-links.
Core Objects
- Finding record: the current enriched view of a vulnerability for a specific artifact/context (tenant, artifact/image digest, policy version).
- History: append-only state transitions suitable for audit and replay.
- Triage actions: operator actions (assignment, comment, mitigation note, exception request) with provenance.
- Evidence references: stable pointers to evidence objects (SBOM slices, VEX observations/linksets, reachability proofs, explain traces, attestations).
Key Properties
- Narrative-first: default view answers “Can I ship? If not, why? What’s the smallest safe change?”
- Proof-linked: every important fact links to evidence (no “trust the UI”).
- Quiet by default, never silent: suppression/muting is reversible and auditable.
- Offline-ready: evidence bundles are verifiable without online lookups.
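To make the Core Objects and Key Properties above concrete, the following is an added example, not code from this project or from this document. It models a finding's history as a hash-chained, append-only log of triage actions with provenance (actor, action, note, evidence references), derives the current view by replay rather than in-place edits, refuses a mute that cites no evidence (proof-linked), keeps mute/unmute reversible while leaving the full record in the log (quiet by default, never silent), and lets evidence pointers be checked against local content by digest so no online lookup is required. All class, field and sample values (`FindingHistory`, `EvidenceRef`, the VEX bytes, the placeholder identifiers) are assumptions chosen for the illustration.

```python
"""Constructed model of an evidence-linked, append-only triage history.

Illustrative only: names and data below are assumptions, not the project's API.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from typing import Any


def digest(data: bytes) -> str:
    """Content digest used as a stable, offline-verifiable pointer."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class EvidenceRef:
    """Stable pointer to an evidence object (SBOM slice, VEX statement, proof)."""
    kind: str
    ref: str  # content digest, so the pointer can be verified without lookups

    def matches(self, content: bytes) -> bool:
        return digest(content) == self.ref


class FindingHistory:
    """Append-only log; the Explorer's current view is a replay of this log."""

    def __init__(self, finding_id: str) -> None:
        self.finding_id = finding_id
        self._events: list[dict[str, Any]] = []

    def _genesis(self) -> str:
        return digest(self.finding_id.encode())

    def append(self, actor: str, action: str, note: str = "",
               evidence: tuple[EvidenceRef, ...] = ()) -> dict[str, Any]:
        # Proof-linked: a suppression must cite evidence, never "trust the UI".
        if action == "mute" and not evidence:
            raise ValueError("a mute must reference evidence")
        prev = self._events[-1]["hash"] if self._events else self._genesis()
        body: dict[str, Any] = {
            "seq": len(self._events),
            "actor": actor,
            "action": action,  # e.g. open, assign, comment, mute, unmute
            "note": note,
            "evidence": [{"kind": e.kind, "ref": e.ref} for e in evidence],
            "prev_hash": prev,  # hash chain: each event commits to its predecessor
        }
        body["hash"] = digest(json.dumps(body, sort_keys=True).encode())
        self._events.append(body)
        return body

    def events(self) -> list[dict[str, Any]]:
        return list(self._events)

    def verify_chain(self) -> bool:
        """Recompute every link; an edited or dropped event breaks the chain."""
        prev = self._genesis()
        for ev in self._events:
            body = {k: v for k, v in ev.items() if k != "hash"}
            recomputed = digest(json.dumps(body, sort_keys=True).encode())
            if body["prev_hash"] != prev or recomputed != ev["hash"]:
                return False
            prev = ev["hash"]
        return True

    def current_state(self) -> dict[str, Any]:
        """Replay: mute/unmute are reversible, but both stay in the audit log."""
        state: dict[str, Any] = {"assignee": None, "muted": False,
                                 "mute_reason": None, "muted_by": None, "evidence": []}
        for ev in self._events:
            if ev["action"] == "assign":
                state["assignee"] = ev["note"]
            elif ev["action"] == "mute":
                state.update(muted=True, mute_reason=ev["note"], muted_by=ev["actor"])
            elif ev["action"] == "unmute":
                state.update(muted=False, mute_reason=None, muted_by=None)
            state["evidence"].extend(ev["evidence"])
        return state


# Constructed sample evidence: a tiny VEX-like statement with a placeholder CVE id.
SAMPLE_VEX = b'{"vulnerability":"CVE-XXXX-PLACEHOLDER","status":"not_affected"}'
SAMPLE_VEX_REF = EvidenceRef(kind="vex-statement", ref=digest(SAMPLE_VEX))


def demo() -> FindingHistory:
    """Open, assign, mute with evidence, then reverse the mute."""
    h = FindingHistory("finding-example-1")
    h.append("scanner", "open", "new finding for image sha256:<placeholder>")
    h.append("alice", "assign", "bob")
    h.append("bob", "mute", "vendor VEX: not_affected", (SAMPLE_VEX_REF,))
    h.append("carol", "unmute", "VEX statement withdrawn upstream")
    return h


if __name__ == "__main__":
    history = demo()
    print(json.dumps(history.current_state(), indent=2))
    print("chain intact:", history.verify_chain())
```

The replay keeps the finding's state a pure function of the log, which is what makes suppression reversible and auditable: unmuting adds an event instead of deleting the mute, and the chain check exposes any later tampering with the record.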
References
- High-level guide: docs/VULNERABILITY_EXPLORER_GUIDE.md
- Console operator guide: docs/UI_GUIDE.md
- Module dossier: docs/modules/vuln-explorer/architecture.md