CVE Reports

CVE reports can be generated for all projects in your org or for an individual project. The report contains fields for:

  • Package name
  • CVE name
  • Threat severity
  • Status as a public or private project

Download Organization CVE Report

To download a .csv file of all vulnerabilities in your organization, do the following:

  1. Log in to the ActiveState Platform
  2. Go to your organization’s page
  3. Click on the Vulnerabilities (CVEs) tab
  4. Click Download CVE Report

The .csv file containing your report can be easily imported into existing workflows or shared with others who may not have access to the organization’s Platform account.

Download Individual Project Vulnerability Report

To export a detailed vulnerability report for an individual project:

  1. Click on the desired project
  2. From the Overview tab, click Download CVE Report

This generates a PDF of your Vulnerabilities Report that includes:

  • Project name
  • Time of report creation
  • Language and version of the project
  • Commit ID
  • Link to the project
  • A detailed list of all vulnerabilities including their name, link to the National Vulnerability Database, threat severity, and description
  • A list of the secured artifacts included in the project

You can share this report or save it as reference material for future projects or commits.

View Reports from Previous Commits

To view vulnerability reports from previous commits of the same project:

  1. Go to your project’s History tab.
  2. Click View at this Commit.
  3. Click Overview.
  4. Click Report.

This shows the vulnerability report at the time of that commit and will not include any artifacts added later. This function is useful for comparing changes between project commits.

Software Bill of Materials (SBOM) Report

In certain cases, you may need to provide an accompanying SBOM with your CVE report. Information for generating an SBOM via a GraphQL query can be found in the SBOM documentation.

For more information about what CVEs are and how to manage them effectively, see the documentation on Understanding Common Vulnerabilities and Exposures (CVE). For information about remediating vulnerabilities, visit our User Forums or connect with a specialist.