Vulnerabilities overview
This document explains the information found on the Vulnerabilities page.
Information available on the Vulnerabilities page
The section below describes each of the fields you can view on the Vulnerabilities page. There are two views: by Type and by Vulnerability. Use the former to group all vulnerabilities by type, across all the target scans. Use the latter to see each vulnerability individually, across all the target scans. Click the Columns button to adjust which information is visible.
View by Type
Vulnerability type
Shows the type of the vulnerability found. Click the arrow by the vulnerability type name to show all occurrences of the vulnerability across all scans and further details: file/URL, target, source, status, confidence, last seen, first seen, and tags. For more information regarding the details, refer to the View by Vulnerability section.
Severity
Shows the severity level of the found vulnerability: critical, high, medium, low, or informational.
Source
Displays how the vulnerability was identified: through DAST, SAST, SCA, or Container Security scan results.
Occurrences
Displays the number of occurrences of each vulnerability across all scans.
MTTR
Mean time to remediate the vulnerability type.
First seen
Shows the date and time when Invicti first identified the vulnerability.
Last seen
Shows the date and time when Invicti last identified the vulnerability.
View by Vulnerability
Vulnerability
The name of each vulnerability identified by Invicti Platform, with an icon showing its severity level: critical, high, medium, low, or informational.
File/URL
The file or URL where the vulnerability was identified.
Asset
Name of the target and environment type where the vulnerability was identified.
Source
Displays how the vulnerability was identified: through DAST, SAST, SCA, or Container Security scan results.
Status
The status of the vulnerability can be: Open, Fixed, Ignored, Rediscovered, or False Positive.
Confidence
Lists the confidence level, showing how certain Invicti Platform or the SAST integration is about the vulnerability it identified.
Last seen
Shows the date and time when Invicti last identified the vulnerability.
First seen
Shows the date and time when Invicti first identified the vulnerability.
Tags
Lists the tags you assigned to the vulnerability.
Vulnerability actions
Export
Allows you to export vulnerability information to a file in .csv, .json, or .xml format.
Bulk actions
After you select the checkboxes next to multiple vulnerabilities, the Bulk action button lets you choose an action:
- generate a report,
- change the status of the vulnerabilities,
- send the vulnerabilities to the issue tracker system (after the integration).
Filtering vulnerabilities
You can filter the vulnerabilities by applying one or more filters. The available filter options differ depending on the view selected:
- CWE or Common Weakness Enumeration.
- Threat severity: critical, high, medium, low, information.
- Source: DAST, SAST, SCA or Container Security scan.
- URL: the reference to the resource that contains the issue.
- Occurrences: number of occurrences.
- Status of the vulnerability: false positive, fixed, ignored, open, rediscovered.
- Vulnerability: name of the vulnerability.
- Confidence: the certainty with which Invicti Platform or SAST integration identified the vulnerability.
- Tags: tags assigned to the vulnerability.
- First seen: date when the vulnerability was first identified.
- Last seen: date when the vulnerability was last identified.