Vulnerability Update report

Based on a specific date range, the Vulnerability Update report includes the following information for projects to which you have access:

  • New vulnerabilities.

    For example, you can use this report to identify new vulnerabilities after code or a Docker image has been rescanned.

  • Updates to the remediation status of existing vulnerabilities.

    For example, you can use this report to track the progress of a remediation effort.

  • Updates to any of the data that is associated with vulnerabilities.

    For example, you can use this report to identify if the risk scores associated with existing vulnerabilities have changed.

This report can be run at the global level (for all projects to which you have access) or for one or more projects to which you have access. It can also be run at the project version level to view this information for a specific project version.

Running a Vulnerability Update report at the global level

To run a Vulnerability Update report at the global level:

  1. Log in to Black Duck.

  2. Click the Reports icon.

  3. Click + Create new report. The Create New Report dialog box appears.

  4. Select Vulnerability Update Report from the Report Type list.

  5. To run the report for selected projects, enter one or more project names in the Projects field. Leave the field blank to create the report for all projects to which you have access.

  6. Select either HTML or CSV as the report format.

    Tip: Use the CSV option when your data becomes too large to render and view in the browser.

  7. Select the dates for this report. The date represents the day on which the vulnerability was added to a project version or the information associated with the vulnerability was updated. By default, the end date is the current date.

  8. Click Confirm to run the report.

    One of the following links appears when the report completes:

    • vulnerability-update-report_all_assigned_projects_YYYY-MM-DD_HHMMSS (time stamp in system timezone) for a global version of the report

    • vulnerability-update-report_YYYY-MM-DD_HHMMSS (time stamp in system timezone) for one or more projects

    Reports for a specific project can be accessed by any user who is a member of the project. However, if the report contains multiple projects, the user must be a member of all projects to access the report.

  9. Select the link to view the report.

    If you selected CSV as the report format, download the report and extract the zip file. The CSV report will contain four reports:

    • new-remediated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all new remediations for the selected project(s) within the specified time frame. A vulnerability is newly remediated if the remediation was created after the vulnerability was created and it is in the specified time range.

    • new-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all new vulnerabilities for the selected project(s) within the specified time frame. A vulnerability is new if it was associated with a BOM component, whether or not it is remediated, and the BOM association occurred within the specified time range.

    • updated-remediated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all updated remediations for vulnerabilities that occurred within the specified time range for the selected project(s). A vulnerability has an updated remediation if the remediation update happened after the remediation was created and is in the specified time range.

    • updated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all updated vulnerabilities for the selected project(s) within the specified time frame. A vulnerability is updated if the updated dateTime is within the specified time range and this vulnerability risk was updated after the risk was created.
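
For automated triage of the downloaded CSV report, the following added example (not part of the Black Duck documentation or product code) checks a report zip for the four CSV files named above and counts the data rows in each. The function names are hypothetical, each CSV is assumed to have one header row, and the sample zip and its column names are constructed placeholders.

```python
import csv
import io
import re
import zipfile
from datetime import datetime

# The four CSV name prefixes listed on this page.
REPORT_KINDS = ("new-remediated-vulnerabilities", "new-vulnerabilities",
                "updated-remediated-vulnerabilities", "updated-vulnerabilities")
NAME_RE = re.compile(r"^(?P<kind>%s)_(?P<stamp>\d{4}-\d{2}-\d{2}_\d{6})\.csv$"
                     % "|".join(REPORT_KINDS))


def summarize_report_zip(zip_bytes):
    """Return ({kind: {"generated", "rows"}}, [missing kinds]) for one report zip."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            # Match on the base name only; members are read in memory, never extracted to disk.
            m = NAME_RE.match(member.rsplit("/", 1)[-1])
            if not m:
                continue
            rows = list(csv.reader(io.StringIO(zf.read(member).decode("utf-8-sig"))))
            found[m["kind"]] = {
                "generated": datetime.strptime(m["stamp"], "%Y-%m-%d_%H%M%S"),
                "rows": max(len(rows) - 1, 0),  # assumption: first row is a header
            }
    missing = [k for k in REPORT_KINDS if k not in found]
    return found, missing


def build_sample_zip():
    """Constructed sample: three of the four CSVs, placeholder column names."""
    buf = io.BytesIO()
    stamp = "2024-01-15_093000"
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"new-vulnerabilities_{stamp}.csv", "col_a,col_b\nx,1\ny,2\n")
        zf.writestr(f"new-remediated-vulnerabilities_{stamp}.csv", "col_a,col_b\nx,1\n")
        zf.writestr(f"updated-vulnerabilities_{stamp}.csv", "col_a,col_b\n")
    return buf.getvalue()


if __name__ == "__main__":
    summary, missing = summarize_report_zip(build_sample_zip())
    for kind, info in summary.items():
        print(kind, info["generated"].isoformat(), info["rows"])
    print("missing:", missing)
```

A non-empty list of missing kinds indicates an incomplete download or an archive that is not a CSV-format Vulnerability Update report.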

Note: You can use the native print functionality of your web browser to print the HTML version of the report.

Running a Vulnerability Update report at the project level

To run a Vulnerability Update report at the project level:

  1. Log in to Black Duck.

  2. Click the desired project name on the Dashboard.

  3. Click the desired project version.

  4. Click the Reports tab.

  5. Click + Create new report. The Create New Report dialog box appears.

  6. Select Vulnerability Update Report from the Report Type list.

  7. To run the report for selected projects, enter one or more project names in the Projects field. Leave the field blank to create the report for all projects to which you have access.

  8. Select either HTML or CSV as the report format.

    Tip: Use the CSV option when your data becomes too large to render and view in the browser.

  9. Select the dates for this report. The date represents the day on which the vulnerability was added to a project version or the information associated with the vulnerability was updated. By default, the end date is the current date.

  10. Click Confirm to run the report.

    One of the following links appears when the report completes:

    • vulnerability-update-report_all_assigned_projects_YYYY-MM-DD_HHMMSS (time stamp in system timezone) for a global version of the report

    • vulnerability-update-report_YYYY-MM-DD_HHMMSS (time stamp in system timezone) for one or more projects

    Reports for a specific project can be accessed by any user who is a member of the project. However, if the report contains multiple projects, the user must be a member of all projects to access the report.

  11. Select the link to view the report.

    If you selected CSV as the report format, download the report and extract the zip file. The CSV report will contain four reports:

    • new-remediated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all new remediations for the selected project(s) within the specified time frame. A vulnerability is newly remediated if the remediation was created after the vulnerability was created and it is in the specified time range.

    • new-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all new vulnerabilities for the selected project(s) within the specified time frame. A vulnerability is new if it was associated with a BOM component, whether or not it is remediated, and the BOM association occurred within the specified time range.

    • updated-remediated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all updated remediations for vulnerabilities that occurred within the specified time range for the selected project(s). A vulnerability has an updated remediation if the remediation update happened after the remediation was created and is in the specified time range.

    • updated-vulnerabilities_YYYY-MM-DD_HHMMSS.csv

      This report will contain all updated vulnerabilities for the selected project(s) within the specified time frame. A vulnerability is updated if the updated dateTime is within the specified time range and this vulnerability risk was updated after the risk was created.

Note: You can use the native print functionality of your web browser to print the HTML version of the report.