Adding Vulnerabilities Manually

Aside from the vulnerabilities discovered by integrated scanners and automatically fetched to Kondukto, it is also possible to add vulnerabilities manually. You can do this by clicking the Add or Import button in the top right corner of the vulnerabilities page under Projects. When the Add button is clicked, you can add vulnerabilities one by one by filling out the relevant fields in the form.

The fields in the form change dynamically based on the scanner type selection. You can import multiple vulnerabilities at once by clicking the Import button. To start an import, open the Vulnerabilities tab and click the rightmost button to see the import menu. Two options are available at this point.

  1. Selecting "Tool" as Import Type: Kondukto automatically recognizes the file formats of certain automated tools. The reports of these tools can be uploaded directly to Kondukto.
  2. Selecting "Template" as Import Type: A sample file is provided to the user when the "Download Sample" button is clicked. This sample file changes dynamically based on the scanner type selection.

Vulnerabilities added manually become subject to the same automated workflows as other vulnerabilities.

Once they are added, Kondukto starts the scan process from the analysis stage to decide whether issues need to be opened, whether notifications need to be sent, or whether the same vulnerability has already been imported.

The configuration file offers two options for how these vulnerabilities are closed on Kondukto.

They can either be closed automatically when they are closed on the issue manager or manually closed through the Kondukto interface regardless of their status on the issue manager.

In the default setting, manually imported vulnerabilities must be closed manually from the interface.

They can be manually closed by selecting Close from the Bulk Action dropdown menu located in the top left corner.

All vulnerabilities manually added to Kondukto can be tracked separately from the Imports tab under Projects.