Analysis tab
Updated 2025-04-15 SBOM Central
The Analysis tab provides a list of conducted analyses on how to manage and remediate vulnerabilities. The analyses may target specific environments (tags) or apply to all environments simultaneously.
If a vulnerability has multiple analyses, the most recent one is considered valid
| Header | Description |
|---|---|
| Id | The identity of the decision and a link to open the edit pop-up dialog. |
| Valid from | Start date for the decision to be valid. |
| Tags | Tags (environments) selected for this decision. If no tag: All environments. |
| Priority | Level of priority to mitigate the vulnerability. |
| Environmental score | Total CVSS score if Environmental metrics are modified. |
| State | Current state of action |
| Action | Action: Fix/Don't fix |
| Due date | Latest date to perform "action" |
| Last update | When the decison was last updated. |
| Delete button | Delete the decision. |
Decision pop-up dialog.
CVSS Environmental Metrics opened >
| Description | |
|---|---|
| Top boxes | Current CVSS score & New CVSS Score after modifying the Environmental metrics. |
| Scoring vector | Updated scoring vector when modifying metrics. |
| (VEX Analysis) Source id | Source id to be set into the VEX modified rating. Predefined value, default="local". |
| (VEX Analysis) State | Current status regarding the vulnerability. Predefined value, default="In triage". |
| (VEX Analysis) Justification | Opened when State=Not affected. |
| (VEX Analysis) Response | Predefined response values. |
| (VEX Analysis) Detail | Added information. |
| Environmental metrics | Opens an editable selection field, modifying the Environmental metrics. Described in detail here (external link). (optional). |
| Valid from | Select the start date for activating the decision (optional). |
| Tags | Possibility to select a number of tags as a target for this decision (optional). |
| Priority | To override the priority set by the CVSS score. If Priority here is "Not set" the Priority will be equal to the value of CVSS. |
| Action | Fix/Don't fix, an actionable analysis decision for the organization. |
| Due date | If Action=Fix, a mitigation due date selection will be visible. |
| Comment | An overall comment field for the analysis. |