Explore Risk Advisories

Preview potential vulnerabilities for your assets.

Add a technology stack for your software asset, and we’ll show you a preview of risk advisories based on the Common Vulnerabilities and Exposures (CVE) standard for that stack.

This integration supports the following asset types:

  • Web
  • Mobile
  • API
  • Combined assets that include the listed types

Add a Technology Stack for Your Asset

When you create or update an asset in the Cobalt app, add a technology stack for it:

  1. Once you’ve specified the asset type, select Add Technology, and start typing the technology name. We’ll show you a list of technologies that match your input.

  2. Select a technology with the exact version number.

    • The CPE label means that a technology is present in the Common Platform Enumeration (CPE) Dictionary maintained by the National Institute of Standards and Technology (NIST). As defined by NIST, CPE is a structured naming scheme for information technology systems, software, and packages.
  3. If your technology version is missing from the list, you can add a custom version. Start typing the technology name, and then select Add (technology). Click for specific examples.

    Examples of ✅ valid CPE names:

    Examples of ❌ invalid CPE names:

  4. Add more technologies to the stack.

Add a technology stack for your asset

When you create a pentest for this asset, the technologies that you added populate in the Technology Stack field on the Set Requirements page.

Preview Risk Advisories

Now you can preview potential vulnerabilities for your asset on the Risk Advisory tab. Here, you can see the following details for each vulnerability:

Select a vulnerability to view detailed information on the National Vulnerability Database (NVD) website. Learn how to remediate potential issues with your asset, and take the required action.

Preview CVE-based risk advisories for your asset

Last modified December 18, 2024