Vulnerability Dashboard

The vulnerability dashboard aggregates every finding produced by your scanners into a single, filterable inventory. Each row represents a unique CVE × package × image-tag tuple, so the same CVE present in multiple images appears as separate, independently triageable rows.

Filters

The list view supports the following filter parameters:

| Parameter | Values | Notes |
| --- | --- | --- |
| severity | CRITICAL, HIGH, MEDIUM, LOW | Single value per request. |
| status | OPEN, ACKNOWLEDGED, IN_PROGRESS, FIXED, WONT_FIX | Triage state — see Triage. |
| imageId | image UUID | Restricts to one image (across all of its tags). |
| q | free text | Substring match against CVE ID, package name, or description. |
| sort | severity, cveId, detectedAt, cvss, triageStatus | Prefix with - for descending. |
| page, pageSize | numbers | Standard pagination. |

The same filters drive the UI; the URL query string round-trips so dashboards can be shared.

API

curl -H "Authorization: Bearer $HG_API_KEY" \
  "https://harborguard.co/api/vulnerabilities?severity=CRITICAL&status=OPEN&sort=-cvss&pageSize=50"

Response is the standard paginated envelope:

{
  "data": [
    {
      "id": "vuln_01HV...",
      "cveId": "CVE-2026-10012",
      "severity": "CRITICAL",
      "cvss": 9.8,
      "package": "openssl",
      "installedVersion": "3.0.7-r0",
      "fixedVersion": "3.0.13-r0",
      "image": "api-gateway",
      "tag": "v2.4.1",
      "triage": { "status": "OPEN", "slaDeadline": "2026-04-27T00:00:00Z" },
      "timeline": { "detectedAt": "2026-04-26T08:14:22Z" }
    }
  ],
  "pagination": { "page": 1, "pageSize": 50, "total": 213 }
}

The search input matches CVE ID exactly when the query begins with CVE-, otherwise it does a case-insensitive substring match against package name and the CVE description.
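
The following added example (not HarborGuard's own code) validates filters against the table above, walks the paginated envelope, and flags findings past triage.slaDeadline. It assumes FIXED and WONT_FIX stop the SLA clock, that pagination.total counts all matching rows, and that the caller supplies fetch; fake_fetch and the sample rows are constructed.

```python
from datetime import datetime
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://harborguard.co/api/vulnerabilities"  # endpoint from the curl call
ALLOWED = {  # values copied from the filter table
    "severity": {"CRITICAL", "HIGH", "MEDIUM", "LOW"},
    "status": {"OPEN", "ACKNOWLEDGED", "IN_PROGRESS", "FIXED", "WONT_FIX"},
    "sort": {"severity", "cveId", "detectedAt", "cvss", "triageStatus"},
}
CLOSED = {"FIXED", "WONT_FIX"}  # assumption: these states stop the SLA clock

def build_url(page=1, page_size=50, **filters):
    """Reject values outside the documented table before any request is sent."""
    for key, value in filters.items():
        probe = value[1:] if key == "sort" and value.startswith("-") else value
        if key in ALLOWED and probe not in ALLOWED[key]:
            raise ValueError(f"{key}={value!r} is not a documented value")
    return f"{BASE}?{urlencode({**filters, 'page': page, 'pageSize': page_size})}"

def iter_findings(fetch, **query):
    """Yield every row across pages; fetch(url) returns the parsed JSON envelope."""
    page = 1
    while True:
        body = fetch(build_url(page=page, **query))
        yield from body["data"]
        meta = body["pagination"]  # trust the server's page size, not the requested one
        if not body["data"] or meta["page"] * meta["pageSize"] >= meta["total"]:
            return
        page += 1

def sla_breached(finding, now):
    """True when an unresolved finding is past its triage.slaDeadline."""
    triage = finding["triage"]
    if triage["status"] in CLOSED or not triage.get("slaDeadline"):
        return False
    return datetime.fromisoformat(triage["slaDeadline"].replace("Z", "+00:00")) < now

# Constructed rows (placeholder CVE IDs), trimmed to the fields used here.
SAMPLE_ROWS = [
    {"cveId": "CVE-0000-0001", "triage": {"status": "OPEN", "slaDeadline": "2026-04-27T00:00:00Z"}},
    {"cveId": "CVE-0000-0002", "triage": {"status": "OPEN", "slaDeadline": "2026-05-30T00:00:00Z"}},
    {"cveId": "CVE-0000-0003", "triage": {"status": "FIXED", "slaDeadline": "2026-04-20T00:00:00Z"}},
]

def fake_fetch(url):
    """Offline stand-in for an authenticated GET; serves SAMPLE_ROWS two per page."""
    page = int(parse_qs(urlparse(url).query)["page"][0])
    rows = SAMPLE_ROWS[(page - 1) * 2 : page * 2]
    return {"data": rows, "pagination": {"page": page, "pageSize": 2, "total": len(SAMPLE_ROWS)}}
```

To run it against the real API, replace fake_fetch with a function that issues the GET with the Authorization: Bearer header shown in the curl call and returns the decoded JSON.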

Bulk actions

Selecting multiple rows enables:

  • Update triage status — applies the same state transition to every selected vuln (see Triage for valid transitions).
  • Assign — sets triage.assignee on each selection.
  • Export — downloads the current selection as CSV or JSON.
  • Create attestation — opens the attestation form pre-filled with the selected CVE/package pairs (only valid when all selections share the same CVE and package).

Bulk triage updates are applied atomically per row — if one row fails authorization, the rest still succeed and the UI reports per-row results.

Empty / unconfigured state

If your organization has no scanned images yet, the dashboard surfaces a "no scans yet" placeholder instead of an empty grid. Connect a registry and run a scan to populate the inventory.
