Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

This page provides a form to report a new security vulnerability. Navigate to it at /it/security/vulnerabilities/new.

Overview

The New Vulnerability page is a single-step form. Required field is Vulnerability Name; all other fields (CVE ID, severity, discovered date, description) are optional. New records are created with remediation_status set to open. On success the user is redirected to the Vulnerabilities list at /it/security/vulnerabilities.

Who it’s for

This route is protected by IT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard.

Before you start

  • Have the vulnerability name and, if available, the CVE identifier.
  • Know the severity level and the date it was discovered.

Steps

  1. Navigate to IT > Security > Vulnerabilities and click Report Vulnerability, or go directly to /it/security/vulnerabilities/new.
  2. Enter the Vulnerability Name (required).
  3. Optionally enter a CVE ID (e.g., CVE-2024-12345).
  4. Select a Severity: Critical, High, Medium (default), or Low.
  5. Set the Discovered Date (defaults to today).
  6. Enter a Description including impact and potential remediation steps.
  7. Click Report Vulnerability. On success you are redirected to the Vulnerabilities list.

Key concepts

  • CVE ID — optional Common Vulnerabilities and Exposures identifier; stored as cve_id.
  • Severitycritical | high | medium | low from the SecuritySeverity type.
  • remediation_status — new records start as open; status can be advanced to in_progress, remediated, or false_positive from the vulnerability detail page.

IT Service Management

IT Service Management overview.

Governance & parity

This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/it.tsx
  • src/cores/it/pages/security/vulnerabilities/NewVulnerabilityPage.tsx
  • src/cores/it/hooks/useVulnerabilityMutations.ts
  • src/cores/it/types/security.ts