To access SCA vulnerability issues, navigate to → → → .
The Vulnerabilities page displays a filterable, sortable table of all CVE vulnerability issues detected across monitored repositories.
Note
The default sort order is by Severity (descending). The default filter shows issues with a status of New and In Progress. Resolved issues are hidden by default.
The Vulnerabilities page contains two tabs: Issues and Findings.
Issues tab: Displays deduplicated, policy-evaluated CVE vulnerability issues. The Issues tab is the default view and the primary workspace for triage and remediation. Issues are created when a raw scanner finding matches a unified policy
Findings tab: Displays all raw CVE vulnerability findings detected by the SCA scanner before policy evaluation. The Findings tab provides visibility into the complete scanner output, including findings that did not generate issues because no matching unified policy exists. Use the Findings tab to audit scanner coverage, review findings excluded by current policy configurations, and identify opportunities to create new policies for uncovered finding patterns
Note
Findings in the Findings tab are raw scanner output and do not have resolution statuses, SLA tracking, or assignees. To track remediation for a specific finding, create or update a policy that matches the finding pattern to generate an actionable issue in the Issues tab.
For more information on findings, refer to Investigate CVE vulnerabilities findings.