Once an artifact is indexed in Xray as part of a single upload, build, or Release Bundle, Xray will validate if the artifact contains vulnerabilities that are considered to have a very high impact. If such vulnerabilities are found, Xray will run the contextual analysis and retrieve the contextual analysis results. The results consist of the following:
Vulnerability Contextual Analysis Statuses
Not Scanned: Initial state, the scan was invoked for the CVE.
Applicable: The vulnerability can be exploited in the context of the scanned artifact.
Not Applicable: The vulnerability cannot be exploited in the context of the scanned artifact.
Undetermined: Inconclusive results, the scanner couldn't reach a definite result.
Rescan Required: A new scanner for this CVE is available, you need to rescan to retrieve applicability results.
Upgrade Required: (Self-Hosted only) The Xray version needs to be updated to receive a new scanner for this CVE. Rescan is required after the upgrade.
Not Covered: Scanner isn't available.
Vulnerability Contextual Analysis Results
The contextual analysis results can be accessed from Scans List.