Getting a Vulnerability Audit's Details
Describes how to get the details of a vulnerability audit.
The detected vulnerabilities can include false positives. A false positive is a vulnerability that's detected during the audit but isn't considered to affect the application according to the dependency details. False positives are determined from the usage data. An ignored vulnerability is a vulnerability that's detected when the vulnerability audit is created and is marked as ignored based on the configuration. In the left-side panel, you can choose the filter option to hide the false positives.
- On the Vulnerability audits list page, select the vulnerability audit that you want to work with. If you need help finding the list page, see Listing Vulnerability Audits.

The details page displays information about the vulnerability audit. In the Application dependencies table, you can view the list of the associated application dependencies. The table displays the dependency name, version, and maximum severity. Severity refers to the impact and criticality of a vulnerability. Any vulnerabilities in the knowledge base with Unknown severity aren't included in audits and remediation detect stages.
Dependencies identified as false positives are shown with a 'false positive' indicator in parentheses. When you click the vulnerability link, the link opens the National Vulnerability Database page.
Use the oci adm vulnerability-audit get command and required parameters to retrieve the details of the specified vulnerability audit:
oci adm vulnerability-audit get --vulnerability-audit-id vulnerability_audit_id [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
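An added example (not from Oracle's documentation) of triaging the command's JSON output offline, so that false positives and ignored vulnerabilities don't inflate the severity you act on. The `data` wrapper, the kebab-case field names, and the severity labels are assumptions about the output shape, and the sample input is constructed.

```python
import json

# Constructed sample in the shape assumed for the CLI's JSON output. The
# "data" wrapper and the key names below are assumptions, and the CVE ids
# are placeholders; compare with the output of your own audit.
SAMPLE = """
{"data": {"vulnerabilities": [
  {"id": "CVE-0000-0001", "severity": "HIGH", "is-ignored": false, "is-false-positive": false},
  {"id": "CVE-0000-0002", "severity": "CRITICAL", "is-ignored": false, "is-false-positive": true},
  {"id": "CVE-0000-0003", "severity": "MEDIUM", "is-ignored": true, "is-false-positive": false},
  {"id": "CVE-0000-0004", "severity": "LOW", "is-ignored": false, "is-false-positive": false}
]}}
"""

# Assumed severity labels, most severe first; unrecognized labels sort last.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "NONE"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}


def rank(vuln):
    return RANK.get(str(vuln.get("severity", "")).upper(), len(RANK))


def triage(audit_json):
    """Split an audit's findings into actionable, false-positive and ignored."""
    vulns = json.loads(audit_json).get("data", {}).get("vulnerabilities") or []
    buckets = {"actionable": [], "false_positive": [], "ignored": []}
    for v in vulns:
        if v.get("is-ignored"):            # ignored by configuration wins
            buckets["ignored"].append(v)
        elif v.get("is-false-positive"):   # ruled out by usage data
            buckets["false_positive"].append(v)
        else:
            buckets["actionable"].append(v)
    for items in buckets.values():
        items.sort(key=lambda v: (rank(v), v.get("id", "")))
    return buckets


def highest_severity(vulns):
    """Return the most severe label in a list of findings, or None if empty."""
    return min(vulns, key=rank).get("severity") if vulns else None


if __name__ == "__main__":
    b = triage(SAMPLE)
    everything = [v for items in b.values() for v in items]
    print("highest severity, all findings:", highest_severity(everything))
    print("highest severity, actionable:  ", highest_severity(b["actionable"]))
    for name, items in b.items():
        print(f"{name}: {[v['id'] for v in items]}")
```

To run it on a real audit, save the command's JSON output to a file and pass the file's contents to `triage()`.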
Use the GetVulnerabilityAudit operation to retrieve the details of the specified vulnerability audit.