countVulnerabilitiesByRisk

Count vulnerabilities by risk severity levels and CVSS scores

Usage

The countVulnerabilitiesByRisk function analyzes a collection of vulnerabilities and returns counts grouped by risk severity levels. It calculates risk both from probability/impact combinations and CVSS scores.

Syntax

{vulnerabilities | countVulnerabilitiesByRisk}

Parameters

  • vulnerabilities (object): An object containing a rows array of vulnerability objects. Each vulnerability should have:
    • probability (string): Probability level
    • impact (string): Impact level
    • cvss_score (number, optional): CVSS score (0-10)

Returns

An object containing:

  • critical: Count of Critical severity vulnerabilities (probability/impact based)
  • high: Count of High severity vulnerabilities (probability/impact based)
  • medium: Count of Medium severity vulnerabilities (probability/impact based)
  • low: Count of Low severity vulnerabilities (probability/impact based)
  • info: Count of Informational severity vulnerabilities (probability/impact based)
  • criticalCvss: Count of Critical severity vulnerabilities (CVSS based, 9.0-10.0)
  • highCvss: Count of High severity vulnerabilities (CVSS based, 7.0-8.9)
  • mediumCvss: Count of Medium severity vulnerabilities (CVSS based, 4.0-6.9)
  • lowCvss: Count of Low severity vulnerabilities (CVSS based, 0.1-3.9)
  • infoCvss: Count of Informational severity vulnerabilities (CVSS based, 0)

Side Effects

The function adds two properties to each vulnerability object:

  • risk: The calculated risk level based on probability/impact
  • cvssRisk: The risk level based on CVSS score
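
To cross-check the CVSS-based counts in a generated report, the banding above can be recomputed outside the template engine. This is an added example, not the project's own code: cvssBand and countByCvss are hypothetical names, and both the skipping of rows without a usable cvss_score and the lowercase cvssRisk labels are assumptions.

```javascript
// Added example: reproduces only the CVSS-based counts. The probability/impact
// matrix is not given on the page, so the `risk` half is left out.

// Map a score to the band listed under "Returns"; null means "not counted".
function cvssBand(score) {
  // Assumption: missing, non-numeric or out-of-range scores are skipped.
  if (typeof score !== "number" || Number.isNaN(score) || score < 0 || score > 10) {
    return null;
  }
  if (score >= 9.0) return "critical"; // 9.0-10.0
  if (score >= 7.0) return "high";     // 7.0-8.9
  if (score >= 4.0) return "medium";   // 4.0-6.9
  if (score > 0) return "low";         // 0.1-3.9
  return "info";                       // 0
}

// Hypothetical helper: same input shape as the filter ({ rows: [...] }).
function countByCvss(vulnerabilities) {
  const counts = { criticalCvss: 0, highCvss: 0, mediumCvss: 0, lowCvss: 0, infoCvss: 0 };
  const rows = vulnerabilities && Array.isArray(vulnerabilities.rows) ? vulnerabilities.rows : [];
  const unscored = [];
  for (const v of rows) {
    const band = cvssBand(v.cvss_score);
    v.cvssRisk = band; // mirrors the documented side effect; label spelling is assumed
    if (band === null) unscored.push(v);
    else counts[band + "Cvss"] += 1;
  }
  return { counts, unscored };
}

// Constructed sample findings (not from a real project).
const sample = {
  rows: [
    { title: "SQL injection", probability: "High", impact: "High", cvss_score: 9.8 },
    { title: "Stored XSS", probability: "High", impact: "Medium", cvss_score: 8.9 },
    { title: "IDOR", probability: "Medium", impact: "High", cvss_score: 7.0 },
    { title: "Weak TLS ciphers", probability: "Low", impact: "Medium", cvss_score: 4.0 },
    { title: "Verbose errors", probability: "Low", impact: "Low", cvss_score: 3.9 },
    { title: "Banner disclosure", probability: "Low", impact: "Low", cvss_score: 0 },
    { title: "Process finding", probability: "Medium", impact: "Low" }, // no cvss_score
  ],
};

const result = countByCvss(sample);
console.log(result.counts, "unscored:", result.unscored.map((v) => v.title));
```

Rows that end up in unscored are the ones to review by hand when the CVSS totals in a report do not add up to the number of findings.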

Examples

Basic vulnerability counting

{project.vulnerabilities | countVulnerabilitiesByRisk}
// Returns: {
//   critical: 2,
//   high: 5,
//   medium: 8,
//   low: 3,
//   info: 1,
//   criticalCvss: 1,
//   highCvss: 4,
//   mediumCvss: 7,
//   lowCvss: 5,
//   infoCvss: 2
// }

Accessing specific counts

{project.vulnerabilities | countVulnerabilitiesByRisk | get:"critical"}
// Returns: 2

Using in conditional logic

{project.vulnerabilities | countVulnerabilitiesByRisk | get:"high" | greaterThan:0}
// Returns: true if there are high severity vulnerabilities

Creating a summary table

{vulnerabilities | countVulnerabilitiesByRisk}
// Use the returned object to populate a risk summary table

Use Cases

  • Executive summary risk statistics
  • Vulnerability distribution charts
  • Risk-based prioritization reports
  • Compliance reporting requiring severity counts
  • Dashboard metrics for security posture