VulnScout Documentation

Contents:

• VulnScout
  • Introduction
    • VulnScout Features
  • Architecture
    • Supported Input Files
    • Supported Output Files
    • Vulnerability Data Sources
    • Custom CVSS Scoring
  • Licence
• Getting Started
  • Requirements
  • Installation
  • First Run
  • Starting the Web Interface
  • Stopping VulnScout
• VulnScout CLI
  • Container Lifecycle
  • Updating VulnScout
  • Interactive Mode (Web UI)
    • Web Interface Settings
  • Projects and Variants
  • Input Sources
    • SPDX SBOM
    • CycloneDX SBOM
    • Yocto CVE Check Output
    • OpenVEX
    • Grype
    • Combining Inputs
  • Performing a Grype Scan
  • Non-Interactive Mode (CI / Automation)
  • Report Generation
  • Exporting SBOM Files
  • Exporting and Importing Custom Assessments
    • Exporting Custom Assessments
    • Importing Custom Assessments
  • Configuration
    • Configuration Commands
    • Environment Variables
  • HTTP Proxy Configuration
  • Migrating from the Legacy docker-compose Workflow
• Using Container Entrypoint
  • Container Lifecycle
  • Command Reference
    • Settings
    • Input Commands
    • Scan & Output Commands
    • Data Retrieval Commands
    • Configuration Commands
    • Other Commands
  • Exit Codes
  • Execution Order
  • Internal Paths
  • Examples
  • Legacy Setup Detection
• Interactive Mode
  • Getting Started with vulnerability analysis
    • Starting a New Project
    • Threat Model
    • Assessment Status in VulnScout
    • Goal of the Interactive Mode
  • SBOM Table
    • Search
    • Column Visibility
    • Filters
    • Severity Toggle
    • Actions
  • Vulnerability Table
    • Search
    • Column Visibility
    • Filters
    • Row Selection and Bulk Editing
    • Sorting
    • Opening a Vulnerability
  • Vulnerability Details
    • Header and Metadata
    • CVSS Vectors
    • Descriptions and Links
    • Time Estimation
    • Assessments
    • Navigation
  • Scan History
    • Scanners
    • Running Scans
    • Source Visibility Toggles
    • Timeline Layout
    • Scan Descriptions
    • Diff Details Modal
    • Scan Result Modal
    • Scan Export
  • Review
    • Assessment Table
    • Search and Filters
    • Import and Export
• Writing Report Templates
  • Templating System
    • Template Locations
    • Adding a Custom Template
    • Automatic Generation
    • Global Variables Available in Templates
    • Environment Variables Available in Templates
    • Vulnerability Object
    • Package Object
    • Assessment Object
    • Project Object
    • Variant Object
    • Scan Object
    • SBOM Document Object
  • Filters and Helpers
    • Conversion
    • Status Filtering
    • Score Filtering
    • Date Filtering
    • Sorting
    • Relational Filtering
  • Common Examples and Tips
  • Traversing the data models
• Writing Match Conditions
  • Synopsis
  • Description
  • Exit Status
  • Examples
  • Global Syntax and Language Definition
  • Tokens
  • Common Examples and Tips
• REST API
  • Version & Status
    • Get Server Version
    • Get Initial Scan Status
  • Config
    • Get Current Config
  • Projects
    • List Projects
    • Create Project
    • Rename Project
    • Delete Project
  • Variants
    • List All Variants
    • List Variants for a Project
    • Create Variant
    • Rename Variant
    • Delete Variant
  • Packages
    • List Packages
  • Vulnerabilities
    • List Vulnerabilities
    • Get Single Vulnerability
    • Update Vulnerability
    • Batch Update Vulnerabilities
  • Assessments
    • List Assessments
    • Get Single Assessment
    • List Assessments for a Vulnerability
    • List Variants for a Vulnerability
    • Create Assessment
    • Batch Create Assessments
    • Update Assessment
    • Delete Assessment
    • Review Assessments (User-Created)
    • Custom Data Import / Export
  • Documents
    • List Available Documents
    • Generate / Download Document
  • Scans
    • List Scans
    • List Scans for a Project
    • List Scans for a Variant
    • Update Scan Description
    • Delete Scan
    • Get Scan Diff
    • Get Scan Global Result
    • Export Scan Diff
    • Export Scan Global Result
    • Export All Scans
  • Scan Triggers
    • Trigger Grype Scan
    • Check Grype Scan Status
    • Trigger NVD Scan
    • Check NVD Scan Status
    • Trigger OSV Scan
    • Check OSV Scan Status
  • SBOM Upload
    • Upload SBOM Files
    • Check Upload Status
  • Progress
    • NVD Progress
    • EPSS Progress
  • Notifications
    • Get Notifications
• Developer’s Guide
  • Developing VulnScout
    • Requirements
    • Project Structure
    • Modify the Backend
    • Modify the Frontend
  • Testing the Project
    • Quick Setup with CQFD
    • Running Tests Locally (without CQFD)
    • Setting a Custom Version
    • Testing the Docker Image
  • Code Quality and Linting
    • Python Backend (Flask)
    • Frontend (React + TypeScript)
    • Bash Scripts (vulnscout and entrypoint.sh)
    • Pre-commit Hook
  • Building the Documentation
    • Local Build
    • Building with CQFD
  • Release Process
    • Version Numbering Strategy
• Yocto Integration
  • meta-vulnscout
    • Features
    • Getting Started