Vulnerabilities
OSV.dev + NVD scan of installed apt + pip components. Bulk-suppress / open advisories.
How the scan runs
The scan runs nightly as the vuln-scan job. It enumerates installed components from dpkg -l and pip freeze, queries OSV.dev for known vulnerabilities for each package+version, and cross-references the resulting CVEs against NVD for CVSS.
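The enumeration and query-building steps described above, as an added example that is not the product's own code. It parses constructed dpkg -l and pip freeze output and builds the request body for OSV.dev's batch query endpoint without sending it; the function names and the "Debian" ecosystem label are assumptions.

```python
import json

# Constructed sample command output (not from a real host).
DPKG_L = """\
||/ Name            Version            Architecture Description
+++-===============-==================-============-===========
ii  libssl3:amd64   3.0.11-1~deb12u2   amd64        Secure Sockets Layer toolkit
hi  openssh-server  1:9.2p1-2+deb12u2  amd64        secure shell (SSH) server
rc  nginx-common    1.22.1-9           all          small, powerful web server
"""
PIP_FREEZE = """\
requests==2.31.0
Jinja2==3.1.2
-e git+https://example.invalid/tool.git#egg=tool
localpkg @ file:///opt/src/localpkg
"""


def parse_dpkg(text):
    """Yield (name, version) for packages whose files are on disk."""
    for line in text.splitlines():
        cols = line.split()
        # Column 0 is desired+current state. "ii" is installed and "hi" is
        # installed but held; "rc" (removed, config left) has no code to scan.
        if len(cols) >= 3 and cols[0][:2] in ("ii", "hi"):
            yield cols[1].split(":")[0], cols[2]  # strip ":amd64", keep epoch


def parse_pip(text):
    """Yield (name, version) for pinned lines; editable/URL installs have none."""
    for line in text.splitlines():
        name, sep, version = line.strip().partition("==")
        if sep and not name.startswith("-"):
            yield name, version


def osv_batch(dpkg_text, pip_text, os_ecosystem="Debian"):
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch."""
    # Assumption: the "Debian" ecosystem label; the page does not name one.
    pairs = [(os_ecosystem, p) for p in parse_dpkg(dpkg_text)]
    pairs += [("PyPI", p) for p in parse_pip(pip_text)]
    return {"queries": [{"package": {"name": n, "ecosystem": eco}, "version": v}
                        for eco, (n, v) in pairs]}


if __name__ == "__main__":
    print(json.dumps(osv_batch(DPKG_L, PIP_FREEZE), indent=2))
```

Held packages ("hi") stay in the query set because a hold is what keeps a vulnerable version pinned, while pip entries without a pinned version (editable or URL installs) cannot be matched by package+version and are left out.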
Finding statuses
open: newly detected, not yet triaged.
fixed: the scan no longer detects this package+version combination.
suppressed: admin-dismissed ("known, accepted").
accepted_risk: formally accepted with a required note.
false_positive: reported but doesn't apply (e.g. feature not used).
Bulk actions
Select multiple findings via checkbox; Suppress, Accept risk, and Mark false positive apply to all selected findings. The required note is captured and audit-logged.
Cross-references
Each finding links to the primary sources: NVD, MITRE CVE, Debian security tracker, Ubuntu security, GitHub Security Advisories. For the manual-lookup case (researching a CVE from a vendor advisory), see the Network Tools → CVE lookup tool.