Vulnerabilities
View, prioritize, and remediate security vulnerabilities
Enterprise Software Supply Chain Manager (ESSCM) provides comprehensive vulnerability detection with intelligent prioritization powered by Griffin AI.
Vulnerability Overview
The Vulnerabilities tab shows vulnerability distribution across five categories:
- Critical - Highest severity, immediate action required
- High - Serious vulnerabilities to address promptly
- Medium - Moderate risk issues
- Low - Lower priority vulnerabilities
- Exploitable - Vulnerabilities with known active exploitation in the wild
Continuous Scanning
Safeguard.sh performs daily continuous scanning of all your projects to detect new vulnerabilities as they are disclosed. When new CVEs are published, your projects are automatically re-evaluated to determine if they are affected.
This ensures:
- Up-to-date vulnerability information
- Immediate alerts on new threats
- Proactive security posture management
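The re-evaluation step described above, as an added example that is not Safeguard.sh or ESSCM code: each project's installed dependency versions are checked against the affected version range of every newly published advisory. The advisory shape (package, first affected version, first fixed version) is a simplified OSV-style record, the project inventory and advisory IDs are constructed placeholders, and the version parser is a deliberately simple numeric comparison that ignores pre-release tags.

```python
"""Re-evaluate projects against newly published advisories.

Added example; not Safeguard.sh or ESSCM code. The advisory record
(package, introduced, fixed) is a simplified, OSV-style shape and all
sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple[int, int, int]:
    """Turn a dotted version like '4.17.20' into a comparable 3-tuple.
    Pre-release suffixes ('1.2.0-beta') are dropped; this is a constructed
    simplification, not a full semver implementation."""
    parts = []
    for piece in v.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)  # type: ignore[return-value]


@dataclass(frozen=True)
class Advisory:
    id: str                   # placeholder identifier (constructed)
    package: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = no fix yet

    def affects(self, installed: str) -> bool:
        """True when `installed` falls inside [introduced, fixed)."""
        v = parse_version(installed)
        if v < parse_version(self.introduced):
            return False
        if self.fixed is not None and v >= parse_version(self.fixed):
            return False
        return True


# Constructed inventory: project -> {package: installed version}
PROJECTS = {
    "payments-api": {"lodash": "4.17.20", "express": "4.18.2"},
    "internal-tool": {"lodash": "4.17.21", "minimist": "1.2.5"},
    "mobile-backend": {"minimist": "0.2.1", "express": "4.17.1"},
}

# Constructed advisories "published today" (IDs are placeholders, not real CVEs)
NEW_ADVISORIES = [
    Advisory("ADV-EXAMPLE-0001", "lodash", "4.0.0", "4.17.21"),
    Advisory("ADV-EXAMPLE-0002", "minimist", "0.0.0", "1.2.6"),
    Advisory("ADV-EXAMPLE-0003", "express", "4.18.0", None),
]


def reevaluate(projects, advisories) -> dict[str, list[tuple[str, str, str]]]:
    """Return project -> [(advisory id, package, installed version), ...]
    for every advisory whose affected range contains the installed version.
    Projects with no hits are absent from the result."""
    hits: dict[str, list[tuple[str, str, str]]] = {}
    for name, deps in projects.items():
        for adv in advisories:
            installed = deps.get(adv.package)
            if installed is not None and adv.affects(installed):
                hits.setdefault(name, []).append((adv.id, adv.package, installed))
    return hits


if __name__ == "__main__":
    for project, findings in reevaluate(PROJECTS, NEW_ADVISORIES).items():
        for adv_id, pkg, ver in findings:
            print(f"{project}: {pkg}@{ver} affected by {adv_id}")
```

Note that an advisory with no fixed version yet (`fixed=None`) matches every version from `introduced` upward, which is exactly the case where a daily re-scan matters most: the project stays flagged until a fix is published and the range closes.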
Vulnerability Prioritization
Griffin AI intelligently prioritizes vulnerabilities to help you focus on what truly matters. Not all vulnerabilities require immediate action—Griffin AI helps determine if a vulnerability really needs to be fixed based on:
Exploitability
- EPSS Score - Exploit Prediction Scoring System
- Active Exploitation - Known exploitation in the wild (CISA KEV)
- Exploit Availability - Public exploits available
- Exploitable Status - Whether the vulnerability is actively exploitable
Reachability
- Call Path Analysis - Is the vulnerable code actually called?
- Runtime Context - Production vs development usage
- Configuration Impact - Feature flags and settings
Business Context
- Asset Criticality - Importance of affected systems
- Data Sensitivity - Type of data at risk
- Exposure Level - Internet-facing vs internal
Vulnerability Details
For each vulnerability:
| Field | Description |
|---|---|
| CVE ID | Common Vulnerabilities and Exposures identifier |
| CVSS Score | Severity score (0-10) |
| EPSS Score | Exploit probability percentage |
| Exploitable | Whether actively exploited in the wild |
| Affected Component | Package name and version |
| Fixed Version | Version that resolves the issue |
| Description | Detailed vulnerability description |
| References | Links to advisories and documentation |
| Reachability | Whether the code path is reachable |
Filtering & Search
Filter vulnerabilities by:
- Severity level
- CVSS score range
- EPSS score range
- Exploitable status
- Component name
- Fix availability
- Reachability status
- Date range
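The following added example, which is not Griffin AI or ESSCM code, covers both the prioritization factors above (exploitability, reachability, business context) and the filter criteria in this section. It ranks a set of findings with a combined score and exposes the same filters as named functions; the weights in `priority_score()` are assumptions chosen for illustration and are not the product's model, the severity bands are the standard CVSS v3 qualitative ratings, the CVE identifiers and values are constructed placeholders, and the date-range filter is omitted.

```python
"""Rank and filter vulnerability findings by exploitability, reachability
and business context.

Added example; not Griffin AI or ESSCM code. The scoring weights are
constructed for illustration and all finding data is placeholder data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    cve_id: str                 # placeholder identifier (constructed)
    component: str
    cvss: float                 # severity score, 0-10
    epss: float                 # exploit probability, 0-1
    in_kev: bool                # listed in CISA KEV (exploited in the wild)
    reachable: Optional[bool]   # None = reachability not analysed
    exposure: str               # "internet" or "internal"
    environment: str            # "production" or "development"
    fixed_version: Optional[str]


def severity(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def priority_score(f: Finding) -> float:
    """Combine severity, exploitability, reachability and context.
    Weights are an assumption for this example, not a published model."""
    score = f.cvss                     # severity baseline
    score += 3.0 * f.epss              # likelihood of exploitation
    if f.in_kev:
        score += 4.0                   # known active exploitation
    if f.reachable is False:
        score *= 0.2                   # vulnerable code is never called
    if f.exposure == "internet":
        score += 2.0                   # reachable by untrusted callers
    if f.environment == "production":
        score += 1.0                   # real data and users at risk
    return round(score, 2)


def prioritize(findings) -> list[tuple[str, float]]:
    """Return (cve_id, score) pairs, highest priority first."""
    scored = [(f.cve_id, priority_score(f)) for f in findings]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def filter_findings(findings, *, severity_level=None, min_cvss=None, max_cvss=None,
                    min_epss=None, max_epss=None, exploitable=None, component=None,
                    fix_available=None, reachable=None, environment=None):
    """Apply the page's filter criteria; a criterion left as None is ignored."""
    out = []
    for f in findings:
        if severity_level is not None and severity(f.cvss) != severity_level:
            continue
        if min_cvss is not None and f.cvss < min_cvss:
            continue
        if max_cvss is not None and f.cvss > max_cvss:
            continue
        if min_epss is not None and f.epss < min_epss:
            continue
        if max_epss is not None and f.epss > max_epss:
            continue
        if exploitable is not None and f.in_kev != exploitable:
            continue
        if component is not None and f.component != component:
            continue
        if fix_available is not None and (f.fixed_version is not None) != fix_available:
            continue
        if reachable is not None and f.reachable != reachable:
            continue
        if environment is not None and f.environment != environment:
            continue
        out.append(f)
    return out


# Constructed sample findings (IDs are placeholders, not real CVEs)
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", "libfoo", 9.8, 0.90, True, True, "internet", "production", "2.0.1"),
    Finding("CVE-EXAMPLE-0002", "libbar", 9.1, 0.02, False, False, "internet", "production", "3.4.0"),
    Finding("CVE-EXAMPLE-0003", "libbaz", 5.3, 0.50, False, True, "internal", "development", "1.1.0"),
    Finding("CVE-EXAMPLE-0004", "libqux", 7.5, 0.30, True, None, "internal", "production", None),
]


if __name__ == "__main__":
    for cve, score in prioritize(FINDINGS):
        print(f"{score:6.2f}  {cve}")
```

The ranking illustrates the point of the section: the critical-rated `CVE-EXAMPLE-0002` drops below a medium-rated finding because the vulnerable code path is never called and nothing suggests active exploitation, while the KEV-listed `CVE-EXAMPLE-0004` climbs above it despite a lower CVSS. The natural-language query on this page maps onto `filter_findings(FINDINGS, severity_level="critical", environment="production", exploitable=True)`.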
Use Griffin AI natural language search:
"Show me critical vulnerabilities in production that are actively exploited"
Vulnerability Actions
AI Remediate
Click the AI Remediate button to let Griffin AI automatically generate fixes:
- Click AI Remediate at the top of the Vulnerabilities page
- Griffin AI analyzes all vulnerabilities and generates remediation plans
- Review the proposed changes
- Create Pull Requests automatically
Learn more about AI Remediate →
View Fix Options
- Click on a vulnerability
- Select View Fix
- Review upgrade options
- See breaking change warnings
Mark as False Positive
If a vulnerability doesn't apply:
- Click Mark False Positive
- Provide justification
- Submit for approval (if required by policy)
Accept Risk
Temporarily accept a vulnerability:
- Click Accept Risk
- Set expiration date
- Document the business justification
- Submit for approval
Data Sources
We aggregate vulnerability data from:
- National Vulnerability Database (NVD)
- GitHub Security Advisories
- OSV (Open Source Vulnerabilities)
- CISA KEV (Known Exploited Vulnerabilities)
- Vendor security bulletins
- Security researcher disclosures