
Overview

This section documents what AlertaVuln actually watches on your behalf. Everything in the matrix below is live today.

[Figure: the AlertaVuln vulnerabilities dashboard in dark mode, with alert tiles and per-alert verdicts. The web app ships full light and dark mode support across every page. Demo data.]

[Figure: the Enterprise Risk Matrix, which plots your open vulnerabilities by business impact against exploit likelihood; the likelihood axis is ranked using CISA KEV and EPSS. Demo data.]
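The matrix above combines an impact rating you own with a likelihood rating derived from exploitation evidence. The script below is an added illustration of that pattern, not AlertaVuln's own ranking code: it places constructed findings (placeholder identifiers, not real CVEs) on an impact-by-likelihood grid, letting CISA KEV membership outrank any EPSS score. The EPSS thresholds (0.10 for high, 0.01 for medium) and the KEV-first rule are assumptions chosen for the example; the product's actual cut-offs are not stated on this page.

```python
"""Impact-vs-likelihood risk matrix ranked by CISA KEV membership and EPSS.

Added example, not AlertaVuln code. Thresholds and the KEV-first rule are
assumptions for illustration; identifiers are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Optional

IMPACT_LEVELS = ("low", "medium", "high")
LIKELIHOOD_LEVELS = ("low", "medium", "high")

# Assumed EPSS cut-offs: >= 0.10 -> high, >= 0.01 -> medium, else low.
EPSS_HIGH = 0.10
EPSS_MEDIUM = 0.01


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    impact: str              # business impact asserted by the asset owner
    epss: Optional[float]    # EPSS probability in [0, 1]; None if not yet scored
    in_kev: bool             # listed in the CISA Known Exploited Vulnerabilities catalogue


# Constructed sample findings (placeholder CVE ids, made-up EPSS values).
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", "liba", "high", 0.004, False),
    Finding("CVE-EXAMPLE-0002", "libb", "high", 0.35, False),
    Finding("CVE-EXAMPLE-0003", "libc", "medium", 0.02, True),
    Finding("CVE-EXAMPLE-0004", "libd", "low", None, False),
    Finding("CVE-EXAMPLE-0005", "libe", "high", 0.015, False),
]


def likelihood(f: Finding) -> str:
    """Bucket exploit likelihood: KEV is direct evidence of exploitation and
    beats any EPSS score; an unscored finding is not given an invented score."""
    if f.in_kev:
        return "high"
    if f.epss is None:
        return "low"
    if f.epss >= EPSS_HIGH:
        return "high"
    if f.epss >= EPSS_MEDIUM:
        return "medium"
    return "low"


def sort_key(f: Finding):
    """KEV entries first, then EPSS descending (unscored last), then id for a stable order."""
    epss = f.epss if f.epss is not None else -1.0
    return (0 if f.in_kev else 1, -epss, f.cve)


def rank(findings):
    """Return findings ordered from most to least likely to be exploited."""
    return sorted(findings, key=sort_key)


def build_matrix(findings):
    """Map (impact, likelihood) -> CVE ids, each cell kept in ranked order."""
    matrix = {(i, l): [] for i in IMPACT_LEVELS for l in LIKELIHOOD_LEVELS}
    for f in rank(findings):
        if f.impact not in IMPACT_LEVELS:
            raise ValueError(f"unknown impact level {f.impact!r} on {f.cve}")
        matrix[(f.impact, likelihood(f))].append(f.cve)
    return matrix


def top_right(matrix):
    """The cell to work first: high business impact and high exploit likelihood."""
    return matrix[("high", "high")]


if __name__ == "__main__":
    m = build_matrix(SAMPLE)
    for impact in reversed(IMPACT_LEVELS):
        row = [", ".join(m[(impact, l)]) or "-" for l in LIKELIHOOD_LEVELS]
        print(f"{impact:>6} | " + " | ".join(f"{c:<36}" for c in row))
    print("fix first:", top_right(m))
```

Note the deliberate asymmetry: CVE-EXAMPLE-0003 has a modest EPSS score but is in KEV, so it lands in the high-likelihood column ahead of everything that is merely predicted to be exploited. That is the reason to consult both sources rather than EPSS alone.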

| Area | What it finds | How | Details |
|---|---|---|---|
| Dependencies (SCA) | Known CVEs affecting the packages you actually depend on, matched the moment they are announced | Tech stack derived from the manifests in your connected GitHub / Azure DevOps repos, enriched from NVD, GitHub Advisory, OSV and CISA KEV | Dependencies |
| Static code analysis (SAST) | Insecure code patterns in your source | Specialised code scanners, run locally by the CLI | av sast scan |
| Secrets | Committed credentials, tokens and keys | The scan series’ secret scanners, run locally | av sast scan |
| IaC misconfiguration | Misconfigured Terraform, Dockerfiles, Kubernetes manifests, Helm charts and similar | The infrastructure misconfiguration scanner | av sast scan |
| Licenses | Licence terms in the scanned tree, and each package’s registry licence metadata | A licence scanner over the tree (its own License finding category), plus registry metadata captured per package | av sast scan, Package health |
| Package health | Deprecated, unmaintained and stale packages, and newer versions available upstream | Public registry data across all eight supported ecosystems | Package health |
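The SCA row describes a pipeline: read the manifest, derive the pinned package versions, match them against advisory data, and enrich the matches with KEV. The following is an added example of that generic step, not AlertaVuln's scanner: it parses a constructed pip-style requirements.txt, matches it against constructed advisory records shaped like OSV's introduced/fixed ranges, and flags which matches appear in a constructed KEV list. All identifiers are placeholders, and the version comparison is a deliberately simple dotted-numeric one (a real scanner needs PEP 440 or semver semantics for each ecosystem).

```python
"""Matching a dependency manifest against OSV-style advisories, then KEV.

Added example, not AlertaVuln code. Manifest, advisories and the KEV set are
constructed for the example; ids are placeholders, not real vulnerabilities.
"""
from dataclasses import dataclass, field

# Constructed requirements.txt content (pinned, pip-style).
MANIFEST = """\
# application dependencies
requests==2.25.0
urllib3==1.26.5
pyyaml==5.3.1
"""

# Constructed advisories in the OSV shape: a package is affected for
# versions in [introduced, fixed). Aliases carry the CVE-style ids.
ADVISORIES = [
    {"id": "EX-2024-0001", "aliases": ["CVE-EXAMPLE-0001"], "ecosystem": "PyPI",
     "package": "pyyaml", "introduced": "0", "fixed": "5.4"},
    {"id": "EX-2024-0002", "aliases": ["CVE-EXAMPLE-0002"], "ecosystem": "PyPI",
     "package": "urllib3", "introduced": "1.26.0", "fixed": "1.26.5"},
    {"id": "EX-2024-0003", "aliases": ["CVE-EXAMPLE-0003"], "ecosystem": "PyPI",
     "package": "requests", "introduced": "2.0.0", "fixed": "2.31.0"},
]

# Constructed KEV catalogue: the set of ids known to be exploited in the wild.
KEV = {"CVE-EXAMPLE-0003"}


def parse_version(v: str) -> tuple:
    """Dotted numeric versions only (assumed simplification; not PEP 440-aware)."""
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text: str) -> dict:
    """Return {name: version} for '==' pins; comments and blank lines are skipped.
    Unpinned lines are rejected rather than guessed, so a range is never matched
    against a single advisory version by accident."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned requirement not supported: {line}")
        name, ver = line.split("==", 1)
        deps[name.strip().lower()] = ver.strip()
    return deps


def affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed; the fixed version itself is clean."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


@dataclass
class Match:
    package: str
    version: str
    advisory: str
    cves: list = field(default_factory=list)
    in_kev: bool = False


def match_manifest(text: str, advisories=ADVISORIES, kev=KEV) -> list:
    """Advisory matches for the manifest, each enriched with a KEV flag."""
    deps = parse_requirements(text)
    hits = []
    for adv in advisories:
        ver = deps.get(adv["package"].lower())
        if ver is None:
            continue  # package not in this manifest: not our exposure
        if affected(ver, adv["introduced"], adv["fixed"]):
            hits.append(Match(adv["package"], ver, adv["id"], list(adv["aliases"]),
                              any(c in kev for c in adv["aliases"])))
    return hits


if __name__ == "__main__":
    for h in match_manifest(MANIFEST):
        flag = " [KEV]" if h.in_kev else ""
        print(f"{h.package}=={h.version}: {h.advisory} {h.cves}{flag}")
```

The urllib3 pin sits exactly on the advisory's fixed version and therefore does not match; getting that half-open boundary right is the commonest source of false positives in home-grown matchers, and it is the reason the example keeps the comparison explicit instead of using string equality.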

Dependency alerts and code-scan findings share the same three-tier triage: every finding is RED, YELLOW or GREEN, with the reasoning attached. See the introduction for how the tiers work.