Version 2.65.11 release notes
- Rescore all vulnerabilities in a product version via rescore profiles
- Rescore individual vulnerabilities
- Support for SPDX SBOMs
- Enhanced SBOM export now includes CPE and PURL data
- New exploits and threats info, including EPSS and CISA KEV
- Bug fixes and other improvements
You can create and apply rescore profiles to a product version based on your product's particular environment and usage, ensuring you're focusing on the most exploitable and impactful vulnerabilities. Any newly detected vulnerabilities for that product version will be automatically rescored with that profile.
You can now rescore the CVSS v3 score of any individual vulnerability associated with a particular product version so that it reflects your product's particular environment and usage. This will override any rescore profile already applied to the associated product version.
You can now upload SPDX SBOM files, including those generated using Yocto on Linux. You can take all of your generated SPDX files, zip them using WinZip or gzip, then upload that zipped file to Helm. We'll do the rest!
When you upload your SBOM, we'll attempt to find exact matches in the NVD, as well as in supported package managers. If we find an exact CPE or PURL match in a package manager or if you manually specify the CPE and/or PURL for a dependency component, you'll now be able to export an enhanced SBOM that includes CPE and PURL data.
You can now benefit from robust exploit and threat information from a variety of sources, including CISA KEV, ExploitDB, Metasploit, and Top 25 CWEs. You can also ensure that you're focusing on the most impactful and exploitable vulnerabilities via EPSS scores.
- Improved performance when loading SBOM and vulnerability information
- Improved onboarding to get you started or unstuck quickly. We now provide in-page guidance to help you upload an SBOM, view dependency components for a particular product version, or expand your search criteria when there are no results. You'll see these in our SBOM, Vulnerabilities and Discover (Global search) pages.
- Numerous user interface improvements