Component Vulnerability Analysis
Portfolio-level component risk analysis
Components sorted by composite risk score with cumulative risk percentage. Shows which components contribute disproportionately to total risk.
{% if render_mode == 'fragment' and not fragment_scripts_enabled %}Bubble chart showing risk score vs number of affected projects. Bubble size represents finding count.
{% if render_mode == 'fragment' and not fragment_scripts_enabled %}Executive Summary
The Component Vulnerability Analysis provides a strategic portfolio-level view of the most problematic components across your entire organization. This report identifies which component versions pose the highest risk and have the broadest impact, enabling portfolio-wide component risk prioritization.
Key Insights from Visualizations
- Pareto Analysis: Shows which components contribute disproportionately to total risk, with each version treated uniquely for precise risk assessment.
- Risk vs. Scope: Identifies components with both high risk and broad project impact for maximum remediation efficiency.
- Normalized Risk Scoring: Risk scores are normalized by project count to provide fair comparison across components used in different numbers of projects.
Strategic Recommendations
- High-Risk Components: Focus immediate remediation efforts on components with the highest normalized risk scores.
- High-Impact Components: Prioritize components affecting multiple projects for maximum portfolio-wide risk reduction.
- KEV and Exploit Flags: Components with 🔒 (KEV) or 💥 (exploit) markers require immediate attention due to federal guidance and active threats.
- Portfolio Management: Use this report to inform strategic component selection and vendor partnerships.
| Component Name | Version | Projects Affected | Portfolio Composite Risk | Normalized Risk Score | Findings Count | Has KEV | Has Exploits |
|---|---|---|---|---|---|---|---|
| {{ row.get('name', '') }} | {{ row.get('version', '') }} | {{ row.get('project_count', 0) }} | {{ pcr }} | {{ nrs }} | {{ row.get('findings_count', 0) }} | {% if row.get('has_kev') %}🔒{% else %}—{% endif %} | {% if row.get('has_exploits') %}💥{% else %}—{% endif %} |
No portfolio data available.