CVEium CIS now sends email notifications when new CVE matches are found during SBOM scanning or periodic re-scans.
Who receives notifications
Email alerts are sent to team Owners and Admins only. Regular members do not receive notifications.
What the email includes
Each notification email contains:
- The product name and release version affected
- Total number of new CVE matches found
- Severity breakdown: how many are Critical, High, Medium, and Low
- KEV count: how many are Known Exploited Vulnerabilities
- A direct link to the triage page to start reviewing
When notifications are sent
Notifications are triggered when:
- A new SBOM is uploaded and the initial scan finds vulnerabilities
- A periodic re-scan discovers new CVEs affecting existing SBOMs
Notifications are not sent if the scan finds zero matches.
Reliability
Notification delivery is fire-and-forget — if an email fails to send, it will not block or delay the scanning pipeline. Delivery failures are logged for troubleshooting.