Explore Risk Advisories
Add a technology stack for your software asset, and we’ll show you a preview of risk advisories based on the Common Vulnerabilities and Exposures (CVE) standard for that stack.
This integration supports the following asset types:
- Web
- Mobile
- API
- Combined assets that include the listed types
Add a Technology Stack for Your Asset
When you create or update an asset in the Cobalt app, add a technology stack for it:
-
Once you’ve specified the asset type, select Add Technology, and start typing the technology name. We’ll show you a list of technologies that match your input.
-
Select a technology with the exact version number.
- The CPE label means that a technology is present in the Common Platform Enumeration (CPE) Dictionary maintained by the National Institute of Standards and Technology (NIST). As defined by NIST, CPE is a structured naming scheme for information technology systems, software, and packages.
-
If your technology version is missing from the list, you can add a custom version. Start typing the technology name, and then select Add (technology). Click for specific examples.
-
Add more technologies to the stack.
When you create a pentest for this asset, the technologies that you added populate in the Technology Stack field on the Set Requirements page.
Preview Risk Advisories
Now you can preview potential vulnerabilities for your asset on the Risk Advisory tab. Here, you can see the following details for each vulnerability:
- Vulnerability ID in the CVE system
- Severity level in the Common Vulnerability Scoring System (CVSS)
- Technology with the version number that you added
Select a vulnerability to view detailed information on the National Vulnerability Database (NVD) website. Learn how to remediate potential issues with your asset, and take the required action.
