Explore Risk Advisories
Add a technology stack for your software asset, and we’ll show you a preview of risk advisories based on the Common Vulnerabilities and Exposures (CVE) standard for that stack.
This integration supports the following asset types:
- Combined assets that include the listed types
Add a Technology Stack for Your Asset
When you create or update an asset in the Cobalt app, add a technology stack for it:
Once you’ve specified the asset type, select Add Technology, and start typing the technology name. We’ll show you a list of technologies that match your input. The list contains only valid technologies.
Select a technology with the exact version number.
If your technology version is missing from the list, you can request to add it. Start typing the technology name, and then select Add new version. In the overlay that appears, submit a technology and its version, and we’ll validate it for you.
Select the key for specific examples.Examples of ✅ valid technologies:
Examples of ❌ invalid technologies to avoid:
- For a Web asset:
- Facebook React 17.0.1
- Angular Angular 15.0.1 for Node.js
- Nuxtjs Nuxt.js 2.15.8 for Node.js
- Vercel Next.js 13.0.5 for Node.js
- For a Mobile asset:
- React Native 0.64.2
- Apple Swift for Ubuntu 5.1
- Google Android API 19
- Ionic Framework Ionic Web View 4.1.2 for Cordova
- For an API asset:
- Node.js 16.16
- Python 3.9.0
- Django Project Django 4.1.1
- Microsoft ASP.NET Core 7.0.0
- Oracle OpenJDK 18
- PHP 8.1.12
- Redis 7.0.5
- MongoDB 5.0.6
- Oracle MySQL 8.0.31
- PostgreSQL 15.1
- Microsoft SQL Server 2019
- For a Web asset:
Add more technologies to the stack.
When you create a pentest for this asset, the technologies that you added populate in the Technology Stack field on the Set Requirements page.
Preview Risk Advisories
Now you can preview potential vulnerabilities for your asset on the Risk Advisory tab. Here, you can see the following details for each vulnerability:
- Vulnerability ID in the CVE system
- Severity level in the Common Vulnerability Scoring System (CVSS)
- Technology with the version number that you added
Select a vulnerability to view detailed information on the National Vulnerability Database (NVD) website. Learn how to remediate potential issues with your asset, and take the required action.
NotePotential vulnerabilities on the Risk Advisory tab don’t belong to your pentests. These are potential risks based on the Common Vulnerabilities and Exposures (CVE) standard that we show for your reference.
Was this page helpful?Yes No Create an Issue