CVE Component Evidence
Per-component CVEs and firmware file paths for the selected project version.
Warning: {{ evidence_summary.get('findings_fetch_errors', 0) }} component(s) had their findings call fail. Those components are missing from the table below as if they had no CVEs. Re-run with the same
{% endif %}
{% endif %}
--cache-ttl to retry only the failed components.
{{ fs.panel_head("Components with match evidence", meta=((data | length) | string) ~ " component" ~ ("s" if (data | length) != 1 else "")) }}
Each row is a component in the selected project version, with associated CVE IDs and the firmware file paths where the component was detected.
{% if data and data | length > 0 %}
{% if data | length > 2000 %}
{% endif %}
| Name | Version | CDX Type | Supplier | Findings (C/H/M/L) | Policy violations | Policy warnings | Licenses | Source | CVEs | Evidence File Paths |
|---|---|---|---|---|---|---|---|---|---|---|
| {{ row['Name'] }} | {{ row['Version'] }} | {{ row.get('CDX Type', '') }} | {{ row.get('Supplier', '') }} | {{ row.get('Findings - critical', 0) }} / {{ row.get('Findings - high', 0) }} / {{ row.get('Findings - medium', 0) }} / {{ row.get('Findings - low', 0) }} | {{ row.get('policy - violations', 0) }} | {{ row.get('policy - warnings', 0) }} | {{ row.get('Licenses - names', '') }} | {{ row.get('Source', '') }} | {{ row.get('CVEs', '') }} | {{ row.get('Evidence File Paths', '') }} |
Showing 2,000 of {{ data | length }} rows. See CSV export for full data.
{% endif %} {% else %}No components found
No components matched the selected project version. Confirm --version refers to a version of --project.