Getting a Vulnerability Audit's Details

Describes how to get the details of a vulnerability audit.

Detected vulnerabilities can include false positives. A false-positive vulnerability is one that's detected during the audit but, according to the dependency details, isn't considered to affect the application. False positives are determined from the usage data. An ignored vulnerability is one that's detected during vulnerability audit creation and marked as ignored based on the configuration. In the left-side panel, you can use the filter option to hide the false positives.

    1. Open the navigation menu and click Developer Services. Under App Dependency Management, click Vulnerability Audits.
    2. On the Vulnerability audits page, from the list of compartments on the left side, select a compartment.
    3. From the list of vulnerability audits, click the vulnerability audit for which you want to view the details.
      On the Vulnerability audit details page, you can view the details of the vulnerability audit. In the Application dependencies table, you can view the list of the associated application dependencies. The table displays the dependency name, version, and maximum severity. Severity refers to the impact and criticality of a vulnerability. Any vulnerabilities in the knowledge base with Unknown severity aren't included in audits and remediation detect stages.

      Dependencies identified as false positives are shown with a 'false positive' indicator in parentheses. Clicking a vulnerability link opens the National Vulnerability Database page.

  • Use the oci adm vulnerability-audit get command and required parameters to retrieve the details of the specified vulnerability audit:

    oci adm vulnerability-audit get --vulnerability-audit-id vulnerability_audit_id [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Use the GetVulnerabilityAudit operation to retrieve the details of the specified vulnerability audit.
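
The following added example (not part of the original documentation or the OCI tooling) shows one way to triage the JSON returned by `oci adm vulnerability-audit get`, separating ignored and false-positive findings from actionable ones, as the console filter does. The field names (`vulnerabilities`, `severity`, `is-ignored`, `is-false-positive`), the severity values, and the sample data are assumptions; verify them against your own CLI output.

```python
import json

# Constructed sample standing in for `oci adm vulnerability-audit get` output.
# Field names and values are assumptions about the response shape, and the
# OCID and CVE identifiers are placeholders, not real findings.
SAMPLE_OUTPUT = """
{"data": {"id": "ocid1.admvulnerabilityaudit.oc1..example",
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "severity": "CRITICAL", "is-ignored": false, "is-false-positive": true},
    {"id": "CVE-0000-0002", "severity": "HIGH", "is-ignored": false, "is-false-positive": false},
    {"id": "CVE-0000-0003", "severity": "MEDIUM", "is-ignored": true, "is-false-positive": false},
    {"id": "CVE-0000-0004", "severity": "LOW", "is-ignored": false}
  ]}}
"""

SEVERITY_ORDER = ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]  # assumed values


def triage(cli_json, hide_false_positives=True):
    """Split an audit's vulnerabilities into actionable, false-positive and ignored."""
    audit = json.loads(cli_json).get("data", {})
    actionable, false_positive, ignored = [], [], []
    for vuln in audit.get("vulnerabilities") or []:
        # A missing flag is treated as False so an absent field never hides a finding.
        if vuln.get("is-ignored", False):
            ignored.append(vuln["id"])
        elif hide_false_positives and vuln.get("is-false-positive", False):
            false_positive.append(vuln["id"])
        else:
            actionable.append(vuln)
    # Severities outside the known scale (for example Unknown) are not ranked.
    ranked = [v["severity"] for v in actionable if v.get("severity") in SEVERITY_ORDER]
    return {
        "actionable": [v["id"] for v in actionable],
        "false_positive": false_positive,
        "ignored": ignored,
        "max_actionable_severity": max(ranked, key=SEVERITY_ORDER.index, default=None),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_OUTPUT), indent=2))
```

With false positives hidden, the maximum severity of the sample drops from CRITICAL to HIGH, which is the difference that matters when the result gates a build.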