Assessment tab
Summary of Assessment Tab
The Assessment tab enables users to review vulnerability assessment results by correlating data from the Software Bill of Materials (SBOM) and Software Asset Management (SAM). It visually displays insights derived from the assessment records created, highlighting affected configuration items (CIs) linked to identified vulnerabilities.
Key Features
- Assessment Initiation: When the Assess button is clicked, a background job begins analyzing related CVEs and products using SAM and SBOM data.
- Vulnerable Items Display: Results show in the Vulnerable Items and Application Vulnerable Items tabs, providing a list of vulnerabilities associated with the CVEs.
- Affected Configuration Items: Identifies and displays CIs related to vulnerable items, updating their status and source as needed.
- Assessment Status: The assessment status is visible on the workspace, indicating progress and requiring page refresh for updates.
- Data Visualizations: Various widgets display counts and classifications of CIs, scanned applications, and BOM components, facilitating a comprehensive view of vulnerabilities.
Key Outcomes
By utilizing the Assessment tab, customers can effectively track and manage vulnerabilities within their systems. The accurate identification of affected CIs and the visual representation of assessment data empower organizations to prioritize remediation efforts, enhance security posture, and ensure compliance with asset management best practices.
Review the assessment results in the Assessment tab. After you perform an assessment of the vulnerability event, the record is correlated against the data from Software Bill of Materials and Software Asset Management and displayed with visualizations.
The Assessment tab populates data (if available) based on the assessment record that you create and correlates the details against assessments from Software Asset Management and Software Bill of Materials component data in the CMDB.
How the assessment works
- All the vulnerable items or TPEs related to the CVE are identified.
- The Configuration Items (CIs) related to the vulnerable items are also identified and displayed in the affected configuration items table.
- If the CIs are not present in the affected CI table, the identified CIs are added to the table, the Has vulnerable item flag is set to true, and the Source field's value is set to Scanner.
- If the CI already exists in the affected configuration items table, only the Has vulnerable item flag is set to true and the Source remains unchanged from when the assessment record was created.
- If vulnerable items are created after the assessment, a Vulnerability Assessment scheduled job is run to update the affected CIs table and the source of the CI.
- On the Assessment workspace, you can view timestamps to see the last assessment of the events. The Assessment tab is visible only when new assessments are created. If the assessment is in the in-progress state, the last assessment status shows that the assessment is in progress. To view the updated assessment status, you need to refresh the page. Once the assessment is completed, the user will be able to see all the related tabs for that assessment:
  - Configuration Items (Host/Infra)
  - Scanned Applications
  - BOM Components and Product Models
  - Configuration Items by CI Class (Installation Assessment)
  - Configuration Items by Assessment Source: Displays the Affected Configuration Items list.
Data visualizations
| Name | Type | Description |
|---|---|---|
| Configuration Items (Host/Infra) | Single Score | Displays the count of CIs with and without VIs. The Configuration Items widget displays the total count of CIs that are found to be associated with the assessment record. The widget further displays the configuration items with vulnerable items and without vulnerable items. |
| Scanned Applications | Count | Total count of applications scanned with AVITs. Note: You can view the count of scanned applications for both primary and secondary CVEs. |
| BOM Components and Product Models | Single Score | Total Component count, Product model count, With Application Vulnerable Items, Without Application Vulnerable Items count. |
| Configuration Items by Assessment Source | Stacked bar | Affected Configuration Items stacked by the assessment source. |
| Configuration Items by CI Class (Installation Assessment) | Pie Chart | Configuration Items stacked by CI Class. |
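
The update rules under "How the assessment works" and the counts behind the Configuration Items widgets, modelled in memory as an added example (this is not ServiceNow code or its API). The record fields `ci`, `hasVulnerableItem` and `source`, the CI names, and the `SAM`/`SBOM` source values are constructed assumptions; only the `Scanner` value comes from the text above.

```javascript
// Hypothetical in-memory model of the affected configuration items table.
// Field names and sample values are constructed for illustration.

// Apply vulnerable items to the affected CI table following the page's rules:
//  - CI not in the table: add it, flag = true, source = "Scanner"
//  - CI already in the table: flag = true, source left unchanged
function applyVulnerableItems(affectedCis, vulnerableItems) {
  const table = new Map(affectedCis.map((row) => [row.ci, { ...row }]));
  for (const vi of vulnerableItems) {
    const row = table.get(vi.ci);
    if (row) {
      row.hasVulnerableItem = true; // existing row keeps its original source
    } else {
      table.set(vi.ci, { ci: vi.ci, hasVulnerableItem: true, source: "Scanner" });
    }
  }
  return [...table.values()];
}

// Counts equivalent to the "with / without vulnerable items" score and the
// "by assessment source" stacked bar described in the table above.
function summarize(rows) {
  const summary = { total: rows.length, withVi: 0, withoutVi: 0, bySource: {} };
  for (const row of rows) {
    if (row.hasVulnerableItem) summary.withVi += 1;
    else summary.withoutVi += 1;
    summary.bySource[row.source] = (summary.bySource[row.source] || 0) + 1;
  }
  return summary;
}

// Constructed sample: two CIs recorded when the assessment record was created.
const before = [
  { ci: "app-server-01", hasVulnerableItem: false, source: "SAM" },
  { ci: "db-server-02", hasVulnerableItem: false, source: "SBOM" },
];
// Constructed sample: vulnerable items found for the CVE (one CI appears twice).
const found = [{ ci: "app-server-01" }, { ci: "web-server-03" }, { ci: "web-server-03" }];

const after = applyVulnerableItems(before, found);
console.log(after);
console.log(summarize(after));
```

In this model, `app-server-01` gains the flag but stays attributed to its original source, so a by-source chart does not by itself show how many CIs a scanner has confirmed.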