Adding Vulnerabilities Manually

Aside from the vulnerabilities discovered by integrated scanners and automatically fetched to Kondukto, adding vulnerabilities manually is possible.

This can be achieved by clicking on the Add or Import buttons under the "Actions" button in the top right corner of the vulnerabilities page.

By clicking the "Add" button, new vulnerabilities can be added individually after filling out the relevant fields in the form.

The fields in the form dynamically change based on the scanner type selection.

Multiple vulnerabilities can also be imported to Kondukto by clicking the "Import" button. There are two options available at this point.

  1. Selecting "Tool" as Import Type: Kondukto automatically recognizes the file formats of specific automated tools. The reports of these tools can be directly uploaded to Kondukto.

  2. Selecting "Template" as Import Type: A sample file is provided to the user when the "Download Sample" button is clicked. This sample file dynamically changes based on the scanner type selection.

Vulnerabilities added manually become subject to the same automated workflows as other vulnerabilities.

📘

Once vulnerabilities are added or imported manually, Kondukto starts the scan process from the analysis stage to decide whether issues need to be opened, notifications need to be sent, or the same vulnerability has been imported.

Two options are available for the status of these vulnerabilities to be closed on Kondukto, which can be reached from Automation --> Setup --> Global Settings --> Manually Added Vulnerabilities.

They can either be closed automatically when they are closed on the issue manager or manually closed through the Kondukto interface regardless of their status on the issue manager.

In the default setting, manually imported vulnerabilities must be closed manually from the interface.

They can be manually closed by selecting Close from the Bulk Action dropdown menu in the top left corner.

All vulnerabilities manually added to Kondukto can be separately tracked from the Imports tab under the Projects.