Infrastructure Vulnerabilities

In this view, vulnerabilities discovered by automated Infra tools and those that have been manually imported can be viewed.

If infra scanner selection under project settings is enabled by an admin, then infra scans can also be scheduled under the project settings just like any other scan. If this toggle is not enabled, infra scans can only be scheduled at a global level by an admin in Global Settings --> Infra Profiles and vulnerabilities are distributed to projects based on the Infra Groups assigned to projects.

Five bulk actions can be taken on infrastructure vulnerabilities through the Action button in the upper left corner; Assign Issue, False Positive, Risk Accepted, Close, and Add Screenshot.

📘

If an issue needs to be assigned for a single vulnerability or multiple vulnerabilities, the checkboxes on the left-hand side of each row can be used and "Assign Issue" button can be clicked on the "Choose an action" drop-down menu that appears in the upper left corner.

Vulnerabilities closed on Kondukto, which have been sent to the issue manager will also be closed automatically on the issue manager.

🚧

Close action is available only for vulnerabilities manually imported to Kondukto and not for vulnerabilities discovered by automated Infra tools.

Using the hamburger icon in the upper right corner, it is possible to add a single vulnerability, import multiple vulnerabilities or export current vulnerabilities in csv format.

Add button allows adding a single vulnerability by filling out a form, whereas it is possible to import multiple vulnerabilities by using the template provided under the Import section.

Vulnerability view can be changed using the view options as seen in the screenshot below.

Users can export the vulnerability table in CSV format by clicking on the export button under the "Actions" button at the top right corner of the page. The columns available on the table can be changed by clicking on the gear icon located in the top right corner of the table.