Skip to content

Project Vulnerabilities

Project vulnerabilities represent security issues found during assessments. Each vulnerability includes details like description, solution, and CVSS score.

Project Vulnerability

Adding Vulnerabilities

Three ways to add vulnerabilities:

  • Search Template: Find and import from Vulnerability Database
  • Add New: Create blank vulnerability entry
  • Upload CSV: Import from Nessus or compatible scan files

Validation Rules

  • Cannot add vulnerabilities to completed projects
  • Project must have defined scope in Project Scope tab
  • Only active projects (Upcoming, In Progress, Delayed, On Hold) accept new vulnerabilities

Publishing Vulnerabilities

  • Toggle vulnerabilities between published/unpublished state
  • Only published vulnerabilities appear in customer dashboard
  • Unpublished vulnerabilities remain visible only to internal users
  • Use for reviewing findings before sharing with customers

CSV Import

Required columns for CSV import:

  • Host: IP address or URL
  • Port: Network port
  • Name: Vulnerability title
  • Description: Details about the issue
  • Solution: Remediation steps
  • Risk: Severity level (Critical, High, Medium, Low, Info)

Vulnerability Status

Three possible statuses:

  • Vulnerable: Unresolved issue
  • Confirmed Fix: Issue resolved
  • Accepted Risk: Issue acknowledged as acceptable risk

Vulnerability Instances

Each vulnerability requires at least one instance with:

  • Specific location (URL, parameter, IP, port)
  • Individual status tracking
  • Independent verification

Vulnerability Instance