Vulnerabilities Page

The Vulnerabilities lake serves as your central hub for viewing and managing all security vulnerabilities discovered by your connected scanners. This comprehensive view helps you quickly identify, prioritize, and track security issues across your entire organization.

Uploading Vulnerability Reports

In addition to automatically collecting vulnerabilities from connected scanners, you can manually upload vulnerability reports using the Upload Report action at the top of the page.

What You’ll See

Vulnerability Metrics

At the top of the page, you’ll find summary metrics including:
  • Total number of unresolved vulnerabilities
  • Breakdown by source
  • Breakdown by severity (Critical, High, Medium, Low)
  • SLA compliance breakdown

Vulnerability List

Each vulnerability is displayed as a card showing:
  • Source: Icon indicating the source scanner
  • Title: Description of the vulnerability and its origin
  • Type: Vulnerability type being addressed
  • Severity: Color-coded badge (Critical, High, Medium, Low)
  • Repository: for vulnerabilities originating from code
  • Image: for vulnerabilities originating from runtime
  • Issue ID: External reference link to the scanner’s findings
  • Detection Date: When the vulnerability was first discovered
  • SLA Status: Time remaining or overdue indication
  • Status: Current state (Open, In Progress, Resolved, etc.)
  • Remediation: Link to associated remediation efforts

Find specific vulnerabilities quickly using multiple filter options:
  • Text Search: Search by vulnerability title or description
  • Source: Filter by the scanner that detected the issue
  • Type: Filter by vulnerability type
  • Severity: Show only specific severity levels
  • Repository: Filter by repository name (for code-originated vulnerabilities)
  • Image: Filter by container image (for runtime-originated vulnerabilities)
  • Issue: The vulnerability identifier
  • SLA: Filter by time to SLA deadline
  • Status: Filter by current vulnerability status
Use multiple filters together to narrow down specific vulnerabilities. For example, filter for “Critical” severity in a specific repository or image to focus on high-priority issues.

Working with Vulnerabilities

Viewing Details

Click on any vulnerability card to open a detailed drawer showing:
  • Complete vulnerability description
  • Status, with an explanation of the vulnerability’s current state
  • Affected packages and versions
  • Related vulnerabilities
  • Links to external resources (pull requests, tickets)

Taking Action

From the vulnerability drawer, you can:
  • View the full vulnerability details and recommendations
  • Navigate to the source repository
  • Check associated remediation efforts
  • Access related pull requests or tickets

To get started:
  1. Access the Page: Click Vulnerabilities in the main navigation menu.
  2. Browse or Filter: Scroll through the list or use filters to find specific vulnerabilities.
  3. View Details: Click on any vulnerability card to see comprehensive information.

Understanding Severity Levels

Critical

Requires immediate attention. Default SLA: 3 days.

High

Significant risk. Should be addressed quickly. Default SLA: 14 days.

Medium

Moderate risk. Plan for resolution. Default SLA: 30 days.

Low

Minor issues. Address as capacity allows. Default SLA: 90 days.
SLA timelines can be customized in Settings to match your organization’s security policies.

Exploit Signals

Beyond severity ratings, Backline automatically calculates exploit signals for each vulnerability. These signals (scored 0-100) indicate how likely a vulnerability is to be exploited in the real world based on threat intelligence from multiple sources.

YES - Exploitable

Active exploitation or PoC code exists. Patch immediately regardless of severity.

UNCERTAIN

Moderate exploitation signals. Monitor closely for escalation.

NO - Unlikely

No exploitation evidence yet. Follow standard SLA based on severity.

N/A

Insufficient threat intelligence data available.
Combine severity and exploitability for smarter prioritization. A “High” severity vulnerability with active exploitation (YES) may be more urgent than a “Critical” vulnerability with no exploitability evidence (NO).
Learn more: See Exploit Signals for detailed information about how scores are calculated and how to use them effectively.
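The prioritization rule above (exploit signal first, then severity, then SLA time remaining) is easy to get wrong when done by eye across hundreds of cards. The following triage helper is an added example, not Backline's own code: it applies the page's default SLA windows (Critical 3, High 14, Medium 30, Low 90 days) and the YES / UNCERTAIN / NO / N/A signal labels to a constructed set of findings and orders them the way the text recommends. Only the YES label overrides severity order; UNCERTAIN is used as a tie-breaker within a severity, since the page only asks for closer monitoring there. The numeric 0-100 score thresholds behind the labels are not given on the page, so the labels are used as-is. Finding fields and sample dates are constructed.

```python
"""SLA and exploit-signal triage helper (added example, not Backline code)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Default SLA windows from the page, in days; organizations can override these
# in Settings, which is what the optional per-finding sla_days argument models.
DEFAULT_SLA_DAYS = {"Critical": 3, "High": 14, "Medium": 30, "Low": 90}

# Lower rank sorts first.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
VALID_SIGNALS = {"YES", "UNCERTAIN", "NO", "N/A"}


@dataclass(frozen=True)
class Finding:
    issue_id: str          # constructed identifier, e.g. the scanner's Issue ID
    severity: str          # Critical / High / Medium / Low
    detected: date         # the card's Detection Date
    exploit_signal: str = "N/A"
    sla_days: Optional[Dict[str, int]] = None  # per-org override of DEFAULT_SLA_DAYS

    def sla_deadline(self) -> date:
        window = (self.sla_days or DEFAULT_SLA_DAYS)[self.severity]
        return self.detected + timedelta(days=window)

    def days_remaining(self, today: date) -> int:
        return (self.sla_deadline() - today).days

    def sla_status(self, today: date) -> str:
        """Mirror the card's SLA Status: time remaining, or an overdue indication."""
        remaining = self.days_remaining(today)
        if remaining < 0:
            return f"overdue by {-remaining} day(s)"
        return f"{remaining} day(s) remaining"


def triage_key(f: Finding, today: date) -> Tuple[int, int, int, int]:
    """Sort key implementing the page's guidance:
    1. YES (active exploitation or PoC) first, regardless of severity;
    2. then by severity;
    3. UNCERTAIN ahead of NO / N/A within the same severity;
    4. then least SLA time remaining first (overdue findings lead)."""
    if f.exploit_signal not in VALID_SIGNALS:
        raise ValueError(f"unknown exploit signal {f.exploit_signal!r}")
    exploited = 0 if f.exploit_signal == "YES" else 1
    uncertain = 0 if f.exploit_signal == "UNCERTAIN" else 1
    return (exploited, SEVERITY_RANK[f.severity], uncertain, f.days_remaining(today))


def prioritize(findings: List[Finding], today: date) -> List[Finding]:
    return sorted(findings, key=lambda f: triage_key(f, today))


# Constructed sample findings and a fixed "today" so the output is reproducible.
TODAY = date(2024, 6, 10)
SAMPLE_FINDINGS = [
    Finding("A", "Critical", date(2024, 6, 9), "NO"),
    Finding("B", "High", date(2024, 6, 1), "YES"),
    Finding("C", "Medium", date(2024, 5, 1), "N/A"),
    Finding("D", "Critical", date(2024, 6, 9), "UNCERTAIN"),
]


def prioritized_ids(findings: List[Finding] = SAMPLE_FINDINGS, today: date = TODAY) -> List[str]:
    return [f.issue_id for f in prioritize(findings, today)]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS, TODAY):
        print(f.issue_id, f.severity, f.exploit_signal, f.sla_status(TODAY))
```

With the sample data, the exploited High finding (B) is listed before both Critical findings, matching the note that a "High" with active exploitation can outrank a "Critical" with no exploitation evidence, and the overdue Medium finding (C) still sorts last because severity outranks SLA lateness in this scheme.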

Supported Report Types

Backline currently supports the following vulnerability report types.

SCA (Software Composition Analysis) reports from these sources:
  • Trivy - JSON format
  • OSV - JSON format
  • Custom Report - CSV format with YAML configuration
Image reports from:
  • Custom Report - CSV format with YAML configuration

How to Upload a Report

  1. Click Upload Report: At the top of the Vulnerabilities page, click the Upload Report button.
  2. Select Report Type: Choose your report type:
    • SCA scan: For Software Composition Analysis vulnerability reports
    • Image scan: For container image vulnerability reports
  3. Configure Based on Report Type
    For SCA scan:
      • Select your source scanner:
        • Trivy: Upload a JSON file in Trivy’s standard format
        • OSV: Upload a JSON file in OSV’s standard format
        • Custom Report: Upload a CSV file with a YAML configuration (see below)
      • Choose the repository that this vulnerability report relates to from the dropdown
      • Optionally configure Local Repository settings (see below)
    For Image scan:
  4. Configure Local Repository (Optional - SCA only): If your SCA report was generated from a local environment:
      • Check the Local Repository checkbox
      • Specify the path to the root of your repository in your local environment
      • This helps Backline correctly map file paths in your scan results to your source code structure
  5. Upload Files: Upload the required file(s) based on your selected report type and source scanner.

Custom Report Configuration

When using the Custom Report option, you need to provide two files:
  1. Report File (CSV): A CSV file containing your vulnerability report details
  2. YAML Config File: A configuration file that maps your CSV columns to Backline’s expected fields
  1. Click Download Config File in the upload dialog to see the required mapped fields
  2. For each required field in the config, specify the column title from your CSV file
  3. Example mapping:
# Report configuration example
# This configuration file defines how to process and analyze the report data
# It includes settings for file parsing, column mappings, and processing options

# field_name: the name of the field in the CSV report
# prop_name: the name of the field in Backline

mappings:
  - field_name: cve_id
    prop_name: FindingID
  - field_name: package_name
    prop_name: PackageName
# ... map all required fields
  4. Ensure the column names in your YAML exactly match the headers in your CSV file
Download the sample config file to ensure you have all the required field mappings before uploading your custom report.
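The requirement that YAML column names match the CSV headers exactly is the usual cause of a rejected custom report, and it is cheap to check before uploading. The script below is an added example, not Backline's own code or its upload implementation: it reads the documented `mappings` shape (a list of `field_name` / `prop_name` pairs), confirms every mapped column exists in the CSV header, reports required Backline properties left unmapped, and shows what the normalized rows look like. The parser handles only this documented shape with `#` comments; a real pipeline would use a YAML library. The page names only FindingID and PackageName, so REQUIRED_PROPS is a constructed placeholder for the full list in the downloadable config file, and the CSV rows and the Severity mapping are constructed sample data.

```python
"""Custom Report mapping pre-flight check (added example, not Backline code)."""
import csv
import io
from typing import Dict, List

# Constructed placeholder: the page shows FindingID and PackageName; the complete
# required set comes from the config file downloaded in the upload dialog.
REQUIRED_PROPS = {"FindingID", "PackageName"}

# Constructed sample mapping. Note the deliberate mismatch: the YAML says `sev`
# while the CSV header below says `severity`, which the check must catch.
SAMPLE_YAML = """\
# Report configuration example
# field_name: the name of the field in the CSV report
# prop_name: the name of the field in Backline
mappings:
  - field_name: cve_id
    prop_name: FindingID
  - field_name: package_name
    prop_name: PackageName
  - field_name: sev
    prop_name: Severity
"""

# Same mapping with the column name corrected to match the CSV header.
FIXED_YAML = SAMPLE_YAML.replace("field_name: sev\n", "field_name: severity\n")

# Constructed sample report; identifiers are placeholders, not real CVEs.
SAMPLE_CSV = """\
cve_id,package_name,severity,fixed_in
CVE-0000-0001,openssl,High,3.0.14
CVE-0000-0002,libxml2,Medium,
"""


def parse_mapping_yaml(text: str) -> Dict[str, str]:
    """Parse the documented `mappings:` list into {csv_column: backline_prop}.

    Handles only `- field_name:` / `prop_name:` pairs and `#` comments; it is
    not a general YAML parser."""
    mapping: Dict[str, str] = {}
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line == "mappings:":
            continue
        if line.startswith("- "):
            if current:
                mapping[current["field_name"]] = current["prop_name"]
            current = {}
            line = line[2:]
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        mapping[current["field_name"]] = current["prop_name"]
    return mapping


def check_mapping(mapping: Dict[str, str], csv_text: str) -> List[str]:
    """Return a list of problems; an empty list means the report is ready to upload."""
    header = next(csv.reader(io.StringIO(csv_text)))
    problems = []
    for column, prop in mapping.items():
        if column not in header:  # exact, case-sensitive match, as the page requires
            problems.append(f"column {column!r} (for {prop}) not in CSV header")
    for prop in sorted(REQUIRED_PROPS - set(mapping.values())):
        problems.append(f"required property {prop} is not mapped")
    return problems


def normalize(mapping: Dict[str, str], csv_text: str) -> List[Dict[str, str]]:
    """Rewrite each CSV row under Backline property names; unmapped columns are dropped."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({prop: row[col] for col, prop in mapping.items() if col in row})
    return rows


if __name__ == "__main__":
    for label, yaml_text in (("original", SAMPLE_YAML), ("fixed", FIXED_YAML)):
        mapping = parse_mapping_yaml(yaml_text)
        print(label, "problems:", check_mapping(mapping, SAMPLE_CSV) or "none")
    for row in normalize(parse_mapping_yaml(FIXED_YAML), SAMPLE_CSV):
        print(row)
```

Run it against your own CSV and config before using Upload Report; any line in the problems list corresponds to a header the upload dialog will not be able to map.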

After Upload

Once your report is uploaded, Backline will:
  1. Analyze all vulnerabilities in the report
  2. De-duplicate vulnerabilities that already exist in the system
  3. Set remediation plans for vulnerabilities where fixes are available
  4. Display the new vulnerabilities in your Vulnerabilities lake
Processing large reports may take a few minutes. You’ll see the vulnerabilities appear in your dashboard once processing is complete.