Activated Xray on the instance The repository that contains the artifacts you wish to mark as vulnerable has to be watched & indexed by Xray on the systemA corresponding Xray policy should be configured to the repository