Software includes server packages and registered CPEs. All software displayed in FutureVuls is information associated with servers. In addition, OSS licenses of application-dependent libraries such as Lockfile and Jar are detected and displayed in a list.
All detected software can be checked in FutureVuls, regardless of the presence of vulnerabilities.
Also, when using
fast-root to scan, the confirmation of new versions of software can be done.
CPE can be managed by manually registering them on the FutureVuls screen. In FutureVuls, CPE is displayed in URI format (registration is also possible in 2.3 format string format).
When registering CPE, it is necessary to select a server. If you want a new server dedicated to CPE, you can register it by creating a pseudo server.
For more information about CPE, see here.
The software list can be displayed from the second pane of servers, roles, and vulnerabilities.
The order and visibility of the items in the list can be set on the screen.
As of May 2022, OSS licenses are detected only for application-dependent libraries. OSS licenses for OS packages are not detected.
|Software Name||Display software name or CPE|
|Version||Version of software or CPE|
|Latest Version||When scanning with Vuls scanner in
|OSS License||OSS license of application-dependent libraries|
|Server Name||Display server name where the software is registered|
|Repository||Display the repository managing the software|
|Patch provided||Display whether all patches of the software have been provided or not (displayed only when opened from the vulnerability list). If a vulnerability is detected that cannot be fixed, it will be displayed in red.|
You can bulk update tasks related to multiple software by selecting the software.
Note that there are different options for bulk updating between software on the server and software under vulnerabilities.
The upper limit of bulk update tasks is 10,000. If you exceed 10,000 tasks, update them multiple times.
Only tasks related to the specified software on the specified server will be updated.
The following options are available:
You can check and update the details of the software in the Software Details section. The displayed items may vary depending on the type of software.
The following items are displayed in the Software Details section:
|Processes that require reboot||Displays the process ID, path, etc. of processes that require reboot.|
|Affected processes||Displays the affected processes.|
|Vulnerabilities and tasks related to software||Displays the CVE-ID and tasks related to the software.|
You can check OSS license information in the Software Details section.
For libraries, OSS license information is collected.
The OSS license information is updated regularly, but it may take up to an hour for the license information to be displayed after scanning the server.
OSS license information is collected from data sources based on the library distribution.
The data sources are as follows:
|Library Type||Data Source|
If license information was collected but the information source could not be obtained,
unknown is displayed.
Depending on the state of the information source, the reliability of the license information may not be guaranteed. If the reliability is not 100%, a link to the help page will be displayed.
If the reliability is not 100%, there are two possible reasons:
You can set managed settings for software.
You can set specific software as unmanaged by selecting “Set as Unmanaged” from the menu.
If a new vulnerability is detected in software that has been set as unmanaged, a task will be created as a hidden (“Always Hidden”) task. This does not affect any existing tasks. Hidden tasks can be released from the task details screen.
If there is software that you do not intend to address vulnerabilities for and cannot uninstall, you can set it as unmanaged and always hidden.