CVE Watch
CVE Watch continuously monitors NVD, GHSA, and CISA KEV for newly published advisories and produces an alert whenever a new CVE affects a package present in your scanned images. You see a CVE within minutes of its publication, scoped only to images you actually run.
Settings
CVE Watch is configured under Settings → CVE Watch. The settings object is:
| Field | Type | Default | Notes |
|---|---|---|---|
| enabled | boolean | true | Master switch; false stops alert generation entirely. |
| minSeverityFilter | enum | MEDIUM | One of CRITICAL, HIGH, MEDIUM, LOW. CVEs below this severity are ignored. |
| sources | array | ["nvd", "ghsa", "cisa_kev"] | Subset of nvd, ghsa, cisa_kev. Must contain at least one source. |
A common KEV-only setup, where you only want alerts on actively exploited CVEs, is sources: ["cisa_kev"].
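The following is an added example of validating a settings object against the rules in the table before sending it with PUT; it is not CVE Watch's own code, and the exact error wording and the rejection of duplicate or unknown fields are assumptions about server behaviour, not documented here.

```python
"""Client-side validation of a CVE Watch settings object.

Added example, not the product's own code. The field names, types, defaults
and the "at least one source" rule come from the settings table; the error
messages and the rejection of unknown/duplicate entries are assumptions.
"""

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]          # documented enum
SOURCES = {"nvd", "ghsa", "cisa_kev"}                          # documented sources
DEFAULTS = {
    "enabled": True,
    "minSeverityFilter": "MEDIUM",
    "sources": ["nvd", "ghsa", "cisa_kev"],
}


def validate_settings(update):
    """Merge a partial update over the defaults and enforce the documented rules.

    Returns the complete settings object, or raises ValueError describing the
    first problem found. A partial update only needs the fields being changed.
    """
    unknown = set(update) - set(DEFAULTS)
    if unknown:  # assumption: the API rejects fields it does not know
        raise ValueError(f"unknown field(s): {sorted(unknown)}")

    merged = {**DEFAULTS, **update}
    merged["sources"] = list(merged["sources"])  # copy so DEFAULTS is never mutated

    if not isinstance(merged["enabled"], bool):
        raise ValueError("enabled must be a boolean")

    if merged["minSeverityFilter"] not in SEVERITIES:
        raise ValueError(
            f"minSeverityFilter must be one of {SEVERITIES}, "
            f"got {merged['minSeverityFilter']!r}"
        )

    sources = merged["sources"]
    if not sources:  # documented: must contain at least one source
        raise ValueError("sources must contain at least one source")
    bad = set(sources) - SOURCES
    if bad:
        raise ValueError(f"unsupported source(s): {sorted(bad)}")
    if len(set(sources)) != len(sources):  # assumption: duplicates are an error
        raise ValueError("sources must not contain duplicates")

    return merged


def check_settings(update):
    """Non-raising wrapper: returns (ok, settings_or_error_message)."""
    try:
        return True, validate_settings(update)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # The KEV-only setup from the text: alerts only on actively exploited CVEs.
    print(check_settings({"sources": ["cisa_kev"]}))
    # A typo in the severity filter is caught before the PUT is ever sent.
    print(check_settings({"minSeverityFilter": "MEDUIM"}))
```

Run the validation before every PUT /api/cve-watch/settings call; an empty or mistyped sources list is the failure mode most likely to silently switch off a feed.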
Updating settings
PUT /api/cve-watch/settings requires the admin role.
Status
GET /api/cve-watch returns the current configuration plus aggregate stats and the timestamp of the most-recent successful poll across all sources. Use this to verify the feature is healthy.
Manual refresh
When you need an immediate refresh — typically during incident response, after a high-profile zero-day announcement — trigger a poll on demand:
The endpoint is rate-limited to one trigger per 5 minutes per organization and requires the admin role. The response returns a jobId you can correlate with the resulting alert batch.
What gets alerted
A new alert fires when:
- A new CVE record is published or updated by one of the configured sources.
- The CVE references a package that exists in your dependency inventory.
- The CVE's severity is at or above minSeverityFilter.
Alerts contain the affected images and the suggested fix version (if any). See Alerts for the full alert object and notification routing.
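As an added example that is not part of this documentation or the product's code, the three alerting conditions above, together with the enabled switch, expressed as a pure function over constructed data. The shape of the CVE record (source, severity, package, optional fixedVersion), the inventory mapping, and the CVE identifiers are all assumptions; the settings object matches the Settings table.

```python
"""Alert decision for CVE Watch, as documented under "What gets alerted".

Added example, not the product's own code. Record shapes are assumptions;
the CVE ids, images and packages below are constructed placeholders.
"""

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Settings object as described in the Settings table (documented defaults).
DEFAULT_SETTINGS = {
    "enabled": True,
    "minSeverityFilter": "MEDIUM",
    "sources": ["nvd", "ghsa", "cisa_kev"],
}

# Constructed dependency inventory: image -> set of package names found in it.
INVENTORY = {
    "registry.example/api:1.4": {"openssl", "zlib", "curl"},
    "registry.example/web:2.0": {"openssl", "nginx"},
    "registry.example/worker:0.9": {"zlib", "python3"},
}

# Constructed advisory records (placeholder ids, not real CVEs).
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "source": "nvd", "severity": "HIGH",
     "package": "openssl", "fixedVersion": "3.0.99-example"},
    {"id": "CVE-0000-0002", "source": "ghsa", "severity": "LOW",
     "package": "nginx", "fixedVersion": "1.99-example"},      # below MEDIUM
    {"id": "CVE-0000-0003", "source": "cisa_kev", "severity": "CRITICAL",
     "package": "libfoo", "fixedVersion": None},                # not in inventory
    {"id": "CVE-0000-0004", "source": "nvd", "severity": "MEDIUM",
     "package": "zlib"},                                        # no fix yet
]


def should_alert(cve, inventory, settings):
    """Return an alert dict if every documented condition holds, else None.

    Conditions: feature enabled, record comes from a configured source,
    the package exists in the inventory, severity >= minSeverityFilter.
    """
    if not settings["enabled"]:
        return None
    if cve["source"] not in settings["sources"]:
        return None
    if SEVERITY_RANK[cve["severity"]] > SEVERITY_RANK[settings["minSeverityFilter"]]:
        return None
    affected = sorted(img for img, pkgs in inventory.items() if cve["package"] in pkgs)
    if not affected:
        return None
    return {
        "cve": cve["id"],
        "package": cve["package"],
        "affectedImages": affected,
        "suggestedFixVersion": cve.get("fixedVersion"),  # None when no fix is known
    }


def run_batch(cves, inventory, settings):
    """Evaluate a batch of freshly polled records; returns the alerts that fire."""
    alerts = (should_alert(c, inventory, settings) for c in cves)
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in run_batch(SAMPLE_CVES, INVENTORY, DEFAULT_SETTINGS):
        print(alert)
    kev_only = dict(DEFAULT_SETTINGS, sources=["cisa_kev"])
    print("KEV-only alerts:", run_batch(SAMPLE_CVES, INVENTORY, kev_only))
```

With the defaults, only the openssl and zlib records produce alerts: the LOW nginx advisory is filtered by minSeverityFilter and the KEV record names a package no image contains. Switching to the KEV-only source list suppresses the two NVD records as well, which is the trade-off of that setup.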