Vulnerability Explorer Using the Console
This document describes the operator workflow for triaging findings in the Console. The workflow is intentionally evidence-first and audit-oriented: a verdict is only as good as the evidence shown next to it, and every triage action is recorded with its justification so the decision can be reviewed later.
Workflow (Typical)
- Start from the findings list filtered to the tenant/environment you care about.
- Open a finding to review:
  - Verdict and “why” summary
  - Effective VEX status and issuer provenance
  - Reachability/impact signals (when available)
  - Policy gate and explain trace
- Record a triage action (assign/comment/mitigation/exception) with a justification.
- Export an evidence bundle when review, escalation, or offline verification is required.
What to Expect in a Finding View
- Clear tenant context and artifact identifiers
- Evidence rail (SBOM, VEX, advisories, reachability, attestations)
- History/timeline of state changes and actions (append-only)
- Copyable identifiers (finding ID, digests, correlation IDs)
Offline / Air-Gap Notes
- When operating from Offline Kit snapshots, the Console should surface the snapshot identity and its staleness budget, so the reviewer knows how old the advisory/VEX data is before acting on a verdict derived from it.
- Evidence bundle export is the primary bridge between online and offline review: the bundle carries the evidence (and its digests) out of the Console so it can be checked independently.
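As an added example of what "offline verification" of an exported bundle can look like (this is illustrative code, not the project's own exporter or verifier): the manifest layout assumed here, a JSON document listing each bundled file with its SHA-256 digest plus a snapshot identity, snapshot timestamp and staleness budget in hours, is an assumption made for the example. The check recomputes every digest, flags files that are missing or unlisted, and compares the snapshot age against its budget.

```python
"""Offline verification of an exported evidence bundle (added example).

Assumed bundle shape: a manifest with snapshot_id, snapshot_time (ISO 8601),
staleness_budget_hours and a files map of name -> sha256 hex digest.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Constructed sample bundle contents (file name -> bytes). In a real export
# these would be files on disk next to the manifest.
SAMPLE_FILES = {
    "sbom.cdx.json": b'{"bomFormat":"CycloneDX","components":[]}',
    "vex.openvex.json": b'{"statements":[]}',
    "timeline.jsonl": b'{"action":"assign","actor":"alice"}\n',
}
# Constructed snapshot time used to build the sample manifest.
SNAPSHOT_TIME = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files, snapshot_id, snapshot_time, budget_hours):
    """Build a manifest of the assumed shape (only used to create the sample)."""
    return {
        "snapshot_id": snapshot_id,
        "snapshot_time": snapshot_time.isoformat(),
        "staleness_budget_hours": budget_hours,
        "files": {name: sha256_hex(data) for name, data in files.items()},
    }


def verify_bundle(manifest, files, now):
    """Return (ok, problems).

    Every file listed in the manifest must be present with a matching digest,
    no unlisted files may be present, and the snapshot must be younger than
    its staleness budget at time `now`.
    """
    problems = []
    for name, expected in manifest["files"].items():
        if name not in files:
            problems.append(f"missing file: {name}")
            continue
        if sha256_hex(files[name]) != expected:
            problems.append(f"digest mismatch: {name}")
    for name in files:
        if name not in manifest["files"]:
            problems.append(f"unlisted file: {name}")
    snapshot_time = datetime.fromisoformat(manifest["snapshot_time"])
    age = now - snapshot_time
    budget = timedelta(hours=manifest["staleness_budget_hours"])
    if age > budget:
        problems.append(
            f"snapshot {manifest['snapshot_id']} stale: age {age} exceeds budget {budget}"
        )
    return (not problems, problems)


def sample_manifest():
    return build_manifest(SAMPLE_FILES, "snap-2024-05-01", SNAPSHOT_TIME, 72)


def check_intact(hours_later):
    """Verify the untouched sample bundle `hours_later` hours after the snapshot."""
    return verify_bundle(sample_manifest(), SAMPLE_FILES,
                         SNAPSHOT_TIME + timedelta(hours=hours_later))


def check_tampered(hours_later):
    """Same check, but with the VEX document altered after export."""
    tampered = dict(SAMPLE_FILES)
    tampered["vex.openvex.json"] = b'{"statements":[{"status":"not_affected"}]}'
    return verify_bundle(sample_manifest(), tampered,
                         SNAPSHOT_TIME + timedelta(hours=hours_later))


if __name__ == "__main__":
    print(json.dumps(sample_manifest(), indent=2))
    print("intact, 1h old:", check_intact(1))
    print("intact, 100h old:", check_intact(100))
    print("tampered VEX, 1h old:", check_tampered(1))
```

The staleness check is deliberately a hard failure rather than a warning: a verdict computed from advisory or VEX data older than the budget should not be accepted offline without the reviewer seeing it.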
References
- Console operator guide: docs/UI_GUIDE.md
- Vulnerability Explorer guide: docs/VULNERABILITY_EXPLORER_GUIDE.md
- Offline Kit: docs/OFFLINE_KIT.md