Security Advisory

Detect software supply chain vulnerabilities and use AI-assisted prioritization to determine what should be addressed first.

Key Concepts

To use Security Advisory effectively, it helps to understand key concepts such as CVE, CVSS, EPSS, KEV, and SBOM.

CVE: a unique identifier for a publicly disclosed vulnerability

CVSS: a score that expresses technical severity

EPSS: a probability-based score for likely real-world exploitation

KEV: a list of vulnerabilities known to be actively exploited

SBOM: an inventory of the software components in a product

Each vulnerability carries a record of where your team stands in the review process and the rationale behind the final decision. As reviews progress, the audit history becomes the evidence base for delivery and regulatory response.


Project Management

Register software as discrete projects and manage security posture and audit history version by version.

What Counts as a Project?

In Hexamind, a project is a single software unit under security management. Managing versions separately makes historical comparison and delivery evidence easier.

RSBOM Wizard Overview

A step-by-step wizard guides you from SBOM upload through security guideline linking and completes project setup in a single pass.

1. Enter System Information: provide project name, version, type, and environment linkage.

2. Upload SBOM and Start Analysis: upload an SBOM and choose Quick Scan or Full Scan.

3. Apply Security Guidance (optional): connect baselines or policy documents.

4. Finish Project Creation: the project is created and background analysis begins; wait for the analysis to complete.


Vulnerability Audit

Review vulnerabilities against organizational policies and systematically record status, rationale, and follow-up by project.

Combine severity, real-world exploitability, and weakness category to focus the review queue. Whatever internal criteria your team uses, filter combinations let you quickly build a meaningful scope.

A Practical Audit Workflow

A practical approach is to start with KEV items and high-EPSS issues, then work systematically through everything that is still not reviewed.

Vulnerability Detail and Analysis History

The vulnerability detail page keeps technical facts and organizational review context in dedicated areas. Status changes, rationale, comments, and timeline history all accumulate in one place.

Using the Hexamind AI Panel

The Hexamind AI panel on the vulnerability detail page helps review recommended actions, patch information, and attack scenarios side by side.

Environment Management

Define the deployment environments where software actually runs and link them to projects to enable context-aware risk analysis.

Basic information: environment name and operating system details

Security posture: security configuration and update status

Linked projects: which software projects run in this environment

Why Linking Environments Matters

Environment data lets the AI factor in deployment context for more realistic prioritization.

Component Analysis

View every component in use across all projects from a single place. When a vulnerability is reported, immediately see which projects are at risk and set response priorities without manual cross-checking.

When the same library appears across multiple products, a single view surfaces the entire blast radius and makes it possible to plan a coordinated response rather than addressing each project separately.
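The triage order from the practical audit workflow above (KEV first, then high EPSS, then the rest of the unreviewed queue) and the cross-project blast radius from this section, as an added example that is not Hexamind's own code. The record layout, the 0.10 EPSS threshold and all sample values are constructed for the example; the CVE identifiers are placeholders, not real advisories.

```python
from dataclasses import dataclass

EPSS_HIGH = 0.10  # assumed threshold for "high EPSS" (not a Hexamind setting)


@dataclass
class Finding:
    cve: str          # vulnerability identifier (placeholder values below)
    component: str    # affected SBOM component, name@version
    project: str      # project whose SBOM lists the component
    cvss: float       # technical severity, 0.0-10.0
    epss: float       # probability of exploitation, 0.0-1.0
    kev: bool         # listed as known exploited
    status: str = "not reviewed"  # audit status recorded by the team


def review_queue(findings):
    """Unreviewed findings in triage order: KEV, then high EPSS, then rest.
    Within a tier, higher CVSS first; ties broken by higher EPSS."""
    def tier(f):
        if f.kev:
            return 0
        return 1 if f.epss >= EPSS_HIGH else 2
    pending = [f for f in findings if f.status == "not reviewed"]
    return sorted(pending, key=lambda f: (tier(f), -f.cvss, -f.epss))


def blast_radius(findings):
    """Map each component to the set of projects shipping it, so one
    vulnerable library shows every affected project in a single view."""
    radius = {}
    for f in findings:
        radius.setdefault(f.component, set()).add(f.project)
    return radius


# Constructed sample findings; CVE ids are placeholders, not real records.
FINDINGS = [
    Finding("CVE-0000-0001", "libfoo@1.2.3", "billing", 9.8, 0.02, False),
    Finding("CVE-0000-0002", "libbar@4.0.1", "billing", 6.5, 0.35, False),
    Finding("CVE-0000-0003", "libbaz@2.2.0", "portal", 7.5, 0.01, True),
    Finding("CVE-0000-0002", "libbar@4.0.1", "portal", 6.5, 0.35, False, "accepted"),
    Finding("CVE-0000-0004", "libbar@4.0.1", "api", 5.3, 0.05, False),
]

if __name__ == "__main__":
    for f in review_queue(FINDINGS):
        print(f.cve, f.project, f"cvss={f.cvss} epss={f.epss} kev={f.kev}")
    for comp, projects in blast_radius(FINDINGS).items():
        print(comp, "->", sorted(projects))
```

Note that the already-reviewed "accepted" record drops out of the queue but still counts toward the component's blast radius, which is the view you want when deciding whether a coordinated fix is cheaper than per-project handling.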
