Triage Interface
Navigate the vulnerability triage page, use filters, and perform batch operations.
The triage interface is where you review vulnerabilities and assign dispositions. Access it from the Triage tab on any release page.
Page layout
The triage page has two main areas:
- Vulnerability table (left): Lists all discovered vulnerabilities for the release
- Triage statistics (right): Shows progress metrics and alerts
Vulnerability table
Each row in the table shows:
- CVE ID: The vulnerability identifier, with a KEV badge if it is a known exploited vulnerability
- Component: The SBOM component that matched the vulnerability
- Severity: Critical, High, Medium, or Low with color coding
- CVSS Score: The numerical severity score (v4 preferred, then v3, then v2)
- SLA Status: A warning indicator if the remediation deadline is approaching or overdue
- Disposition: The current status (Affected, Not Affected, Fixed, Under Investigation, or blank for untriaged)
Setting a disposition
- Click on a vulnerability row to open the disposition dialog
- Select a status: Affected, Not Affected, Fixed, or Under Investigation
- Fill in the optional fields:
  - Justification: Why the product is not affected by the vulnerability (for Not Affected dispositions)
  - Response: Your planned response (for Affected dispositions)
  - Detail: Additional context
  - Impact statement: Description of the vulnerability's impact on your product
  - Action statement: Specific remediation steps
- Click Save
KEV filter
Click the KEV toggle button to filter the table to show only Known Exploited Vulnerabilities. This helps you prioritize the most urgent vulnerabilities first.
Triage statistics sidebar
The sidebar shows:
- Triage progress: How many vulnerabilities have been triaged out of the total
- Resolution progress: How many have a final disposition (Affected, Not Affected, or Fixed)
- SLA Overdue count: How many vulnerabilities have passed their remediation deadline
- KEV count: How many are known exploited vulnerabilities
- Status breakdown: Count of each disposition status (Not Triaged, Investigating, Affected, Not Affected, Fixed)
Locked releases
When a release is locked (due to VEX submission or publication), the triage interface is read-only. You can view all vulnerability and disposition data but cannot make changes.