33 lines
1.3 KiB
Markdown
33 lines
1.3 KiB
Markdown
# Vulnerability Explorer Using the Console
|
|
|
|
This document describes the operator workflow for triaging findings in the Console. It is intentionally evidence-first and audit-oriented.
|
|
|
|
## Workflow (Typical)
|
|
|
|
1. Start from the findings list filtered to the tenant/environment you care about.
|
|
2. Open a finding to review:
|
|
- Verdict and “why” summary
|
|
- Effective VEX status and issuer provenance
|
|
- Reachability/impact signals (when available)
|
|
- Policy gate and explain trace
|
|
3. Record a triage action (assign/comment/mitigation/exception) with justification.
|
|
4. Export an evidence bundle when review, escalation, or offline verification is required.
|
|
|
|
## What to Expect in a Finding View
|
|
|
|
- Clear tenant context and artifact identifiers
|
|
- Evidence rail (SBOM, VEX, advisories, reachability, attestations)
|
|
- History/timeline of state changes and actions (append-only)
|
|
- Copyable identifiers (finding ID, digests, correlation IDs)
|
|
|
|
## Offline / Air-Gap Notes
|
|
|
|
- When operating from Offline Kit snapshots, the Console should surface snapshot identity and staleness budgets.
|
|
- Evidence bundle export is the primary bridge between online and offline review.
|
|
|
|
## References
|
|
|
|
- Console operator guide: `docs/UI_GUIDE.md`
|
|
- Vulnerability Explorer guide: `docs/VULNERABILITY_EXPLORER_GUIDE.md`
|
|
- Offline Kit: `docs/OFFLINE_KIT.md`
|