CVE Watch
CVE Watch proactively monitors vulnerability databases for new CVEs that affect packages in your organization's images.
How It Works
The CVE Watch worker continuously polls NVD, OSV, GHSA, and CISA KEV using cursor-based incremental updates. When a new CVE matches a package in your scanned inventory, an alert is generated.
Configuration
Configure CVE Watch in Settings > CVE Watch:
- Enable/disable monitoring per source
- Set polling intervals
- Configure alert batching and digest schedules
Affected Images
Each CVE Watch alert shows which images in your organization contain the affected package, with links to the relevant scan results.