The Vulnerabilities page tracks every security vulnerability identified across your environment — from cloud infrastructure misconfigurations to code dependency CVEs. Each vulnerability includes severity scoring, affected assets, remediation guidance, and SLA tracking.
What vulnerabilities are for
Your auditor needs to see that you identify, prioritize, and fix security vulnerabilities within defined timelines. The Vulnerabilities module centralizes all findings from connected security tools and lets you track remediation progress with full audit history.
How vulnerabilities are collected
Vulnerabilities flow into DSALTA from two sources:
- Integration-sourced — When you connect vulnerability scanners (Qualys, Wiz), cloud security tools (AWS GuardDuty, GCP Security Command Center, Azure Defender), or code scanners (GitHub Dependabot, Code Scanning, Secret Scanning), findings sync automatically. Each vulnerability shows the integration name as its source.
- Manual — Upload penetration test results or log vulnerabilities discovered through manual testing.
Viewing your vulnerabilities
Each vulnerability displays:

| Column | Description |
|---|---|
| Title | Name or description of the vulnerability |
| Identifier | CVE number or reference ID from the source tool |
| Severity | Critical, High, Medium, or Low (based on CVSS score) |
| Base Score | CVSS base score (0.0–10.0) |
| Status | Open, In Progress, Closed, or On Hold |
| Affected Asset | Which system or component is vulnerable |
| Source | Integration name or “Manual” |
| SLA Due Date | Deadline for remediation based on severity |
- Full summary and potential impact description
- Recommended remediation steps
- Link to the NVD (National Vulnerability Database) for CVEs
- List of all affected assets
- Status change history with timestamps
Working with vulnerabilities
When a new vulnerability appears:
- Review the severity and CVSS score to understand the risk.
- Identify the affected asset(s) and their classification level.
- Assign an owner responsible for remediation.
- Update the status as work progresses: Open → In Progress → Closed.
- If remediation is not possible immediately, set the status to On Hold with a justification.
- Critical (CVSS 9.0–10.0) — Remediate within 24–48 hours
- High (CVSS 7.0–8.9) — Remediate within 7 days
- Medium (CVSS 4.0–6.9) — Remediate within 30 days
- Low (CVSS 0.1–3.9) — Remediate within 90 days
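
The severity bands and remediation windows above, applied as a pre-audit check over a list of findings. This is an added example, not DSALTA code or a DSALTA export format: the record field names, the `EXAMPLE-` identifiers and the sample data are constructed, Critical is assumed to use the outer 48-hour bound, and an On Hold finding is assumed acceptable only when it carries a justification.

```python
from datetime import datetime, timedelta

# Bands from the list above: (min CVSS, max CVSS, severity, remediation window).
# Assumption: Critical uses the outer 48-hour bound of the 24-48 hour window.
SLA_BANDS = [
    (9.0, 10.0, "Critical", timedelta(hours=48)),
    (7.0, 8.9, "High", timedelta(days=7)),
    (4.0, 6.9, "Medium", timedelta(days=30)),
    (0.1, 3.9, "Low", timedelta(days=90)),
]

def classify(score):
    """Return (severity, window) for a CVSS base score, or None if no band applies."""
    for low, high, severity, window in SLA_BANDS:
        if low <= round(score, 1) <= high:
            return severity, window
    return None  # 0.0 and out-of-range scores have no band in the list above

def sla_review(findings, now):
    """Return (identifier, issue) pairs that need attention."""
    issues = []
    for f in findings:
        if f["status"] == "Closed":
            continue  # remediated, nothing left to track
        band = classify(f["base_score"])
        if band is None:
            issues.append((f["id"], "score has no SLA band"))
            continue
        severity, window = band
        if f["status"] == "On Hold":
            # On Hold is only acceptable with a recorded justification.
            if not (f.get("justification") or "").strip():
                issues.append((f["id"], "On Hold without justification"))
            continue
        due = f["first_seen"] + window
        if now > due:
            issues.append((f["id"], f"{severity} SLA breached, was due {due:%Y-%m-%d %H:%M}"))
    return issues

# Constructed sample records; field names are hypothetical.
NOW = datetime(2024, 3, 10, 9, 0)
SAMPLE = [
    {"id": "EXAMPLE-001", "base_score": 9.8, "status": "Open", "first_seen": datetime(2024, 3, 1, 9, 0)},
    {"id": "EXAMPLE-002", "base_score": 7.5, "status": "In Progress", "first_seen": datetime(2024, 3, 5, 9, 0)},
    {"id": "EXAMPLE-003", "base_score": 5.3, "status": "On Hold", "first_seen": datetime(2024, 2, 1, 9, 0)},
    {"id": "EXAMPLE-004", "base_score": 3.1, "status": "Closed", "first_seen": datetime(2023, 1, 1, 9, 0)},
    {"id": "EXAMPLE-005", "base_score": 8.1, "status": "On Hold", "first_seen": datetime(2024, 2, 1, 9, 0),
     "justification": "vendor patch pending"},
]
```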
Integrations that feed Vulnerabilities
| Integration | What syncs |
|---|---|
| Qualys | Vulnerability scan findings with CVSS scores |
| Wiz | Cloud vulnerability and misconfiguration findings |
| GitHub Dependabot | Dependency vulnerability alerts |
| GitHub Code Scanning | Code analysis findings (CodeQL) |
| GitHub Secret Scanning | Exposed secrets and credentials |
| AWS GuardDuty | Threat findings and security events |
| GCP Security Command Center | Vulnerability and misconfiguration findings |
| Azure Defender | Microsoft Defender for Cloud findings |