Component Detail

Component Detail gives you a full view of a single software component — including the supply chain attack campaigns targeting it, its CVE vulnerabilities, and which assets in your organization are affected.

To open it, click any component name in SBOM Inventory.

The header shows the component name in Name@Version format and an Ecosystem badge. Click ← Back to return to SBOM Inventory.


Supply Chain Attacks

The Supply Chain Attacks tab is shown by default when you open Component Detail.

Component Detail — Supply Chain Attacks tab

Each row is an attack campaign linked to this component:

| Column | Description |
|---|---|
| Campaign Name | Campaign name. Click to open the reference page in a new tab. |
| Recommended Fix | Remediation guidance. Truncated after 2 lines; hover to read in full. |
| Registry | Package registry containing the affected component. |
| Malicious Dependency | The compromised dependency, if identified. Shown as - when not applicable. |
| Published At | Date published (dd/MM/yyyy). |

Default sort: Published At descending. If there are no campaigns, the tab shows No Data.

Filter and search:

  • Filter by registry: select from Select registry.
  • Search by campaign name or malicious dependency: type in the search field and press Enter.

Vulnerabilities

  1. Click the Vulnerabilities tab.

Component Detail — Vulnerabilities tab

Each row is a CVE affecting this component:

| Column | Description |
|---|---|
| Severity | Severity level: Critical / High / Medium / Low. |
| CVE ID | CVE identifier. Click to open the CVE reference in a new tab. |
| Description | Vulnerability description. Truncated after 2 lines; hover to read in full. |
| Fixed In | Version(s) that fix the CVE, comma-separated. Shown as - if no fix is available. |
| Exploited In The Wild | Warning icon if this CVE has confirmed real-world exploitation. |
| Public PoC | Icon if a public proof-of-concept exploit exists. |

Default sort: Severity Score descending.

Warning: Prioritize CVEs marked Exploited In The Wild or with a Public PoC regardless of severity score; these carry active exploitation risk.

Filter and search:

  • Filter by severity: select from Select severity.
  • Filter by exploitation status: select from Select exploited.
  • Filter by PoC availability: select from Select Public POC.
  • Search by CVE ID or description: type in the search field and press Enter.

Affected Assets

  1. Click the Affected Assets tab.

Component Detail — Affected Assets tab

Each row is an asset that uses this component:

| Column | Description |
|---|---|
| Asset Name | Repository: full path and branch. Container image: image path and version. Hover over truncated names to see the full value. |
| Integration Type | GitHub, GitLab, GitLab Server, Harbor, or FPT Container Registry. |
| Last Scanned At | Most recent scan timestamp (dd/MM/yyyy HH:mm:ss). |

Default sort: Last Scanned At descending.

Note: A higher Affected Assets count means the component is more widely used across your organization. Combine this with the Exploited In The Wild flag to prioritize which components to remediate first.

Filter and search:

  • Filter by integration type: select from Select integration type.
  • Search by asset name: type in the search field and press Enter.
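
The prioritization guidance in the Vulnerabilities warning and the Affected Assets note can be applied outside the UI as a triage sort. The following is an added example, not part of the product or its documentation: the CveRow record, the sample rows, the placeholder CVE IDs and component names are all constructed, and it assumes you have copied the table values into records yourself, since this page describes no export format.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

@dataclass
class CveRow:                 # hypothetical record mirroring the tab columns
    component: str            # Name@Version, as shown in the header
    severity: str             # Critical / High / Medium / Low
    cve_id: str
    fixed_in: str             # comma-separated versions, "-" if no fix
    exploited: bool           # Exploited In The Wild
    public_poc: bool          # Public PoC
    affected_assets: int      # number of rows in the Affected Assets tab

def fixed_versions(row):
    """Parse the Fixed In cell; '-' means no fix is available."""
    if row.fixed_in.strip() == "-":
        return []
    return [v.strip() for v in row.fixed_in.split(",") if v.strip()]

def priority_key(row):
    # Exploitation evidence (either flag) outranks severity, per the warning.
    # Severity, then asset count, as tie-breakers is this example's own choice.
    return (row.exploited or row.public_poc,
            SEVERITY_RANK[row.severity],
            row.affected_assets)

def triage(rows):
    """Return (cve_id, action) pairs, most urgent first."""
    plan = []
    for row in sorted(rows, key=priority_key, reverse=True):
        fixes = fixed_versions(row)
        if fixes:
            action = f"upgrade {row.component} to one of: {', '.join(fixes)}"
        else:
            action = f"no fix: mitigate or replace {row.component}"
        plan.append((row.cve_id, action))
    return plan

# Constructed sample rows; CVE IDs and package names are placeholders.
SAMPLE_ROWS = [
    CveRow("examplelib@1.2.0", "Critical", "CVE-0000-0001", "1.2.5, 1.3.0", False, False, 3),
    CveRow("examplelib@1.2.0", "Medium", "CVE-0000-0002", "-", True, False, 3),
    CveRow("otherlib@4.0.1", "High", "CVE-0000-0003", "4.0.2", False, True, 12),
    CveRow("otherlib@4.0.1", "Low", "CVE-0000-0004", "4.0.2", False, False, 12),
]

if __name__ == "__main__":
    for cve_id, action in triage(SAMPLE_ROWS):
        print(cve_id, "->", action)
```

With these rows, the Medium CVE that is exploited in the wild ranks above the unexploited Critical one, which a plain Severity Score sort would list first.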