av exposure

Blast-radius lookup: when a CVE hits the news, see at a glance which of your organisation’s projects are exposed to it - and through which packages.

Terminal window
av exposure <cveId> [flags]

The binary ships as alertavuln; av is the common alias - they are interchangeable in every example.

av exposure lists every project in your organisation that already has an alert for the given CVE. For each exposed project it shows the project name and ID, the number of alerts for that CVE, and the packages that matched. You must be logged in (av login) first.

The lookup reads the alerts AlertaVuln’s event-driven pipeline has already raised - it does not trigger a new scan. A project appears in the result only if it currently holds at least one alert for the CVE.

With --json the command prints the raw result - cveId plus a projects array of projectId, projectName, packages, and alertCount - instead of a table.

Flag     Default  Description
--json   false    Output raw JSON instead of a table

Check the organisation-wide blast radius of a CVE the moment it makes headlines:

Terminal window
av exposure CVE-2021-44228

Get the exposed project names as raw data for a runbook or chat notification:

Terminal window
av exposure CVE-2021-44228 --json | jq -r '.projects[].projectName'

Use it as an incident-response gate - jq -e exits non-zero when any project is exposed:

Terminal window
av exposure CVE-2021-44228 --json | jq -e '.projects | length == 0'

Exit code  Meaning
0          Lookup completed - including when exposed projects were found
1          Command failed: not logged in, bad arguments, or an API error
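
A stricter version of the gate above, as an added example that is not part of AlertaVuln's documentation: in the jq pipeline the shell reports jq's status, so av's exit code 1 is hidden, and a JSON object without a projects key evaluates to length 0 and passes. The wrapper checks both before reporting the project list. The gate codes 0/1/2, the sample project, and packages being a list of strings are assumptions made for this example.

```python
import json
import subprocess
import sys

CLEAN, EXPOSED, LOOKUP_FAILED = 0, 1, 2  # gate codes chosen for this example

def classify(cve_id, returncode, stdout):
    """Map one `av exposure <cve> --json` run to (gate_code, detail)."""
    if returncode != 0:
        # Documented exit 1: not logged in, bad arguments, or an API error.
        return LOOKUP_FAILED, f"av exited {returncode}"
    try:
        result = json.loads(stdout)
    except json.JSONDecodeError as exc:
        return LOOKUP_FAILED, f"output is not JSON: {exc.msg}"
    projects = result.get("projects") if isinstance(result, dict) else None
    if not isinstance(projects, list):
        # A missing "projects" key must not count as "zero exposed projects".
        return LOOKUP_FAILED, "no projects array in output"
    if str(result.get("cveId")).upper() != cve_id.upper():
        return LOOKUP_FAILED, f"answer is for {result.get('cveId')!r}"
    if not projects:
        return CLEAN, "no project currently holds an alert for this CVE"
    return EXPOSED, "\n".join(
        f"{p.get('projectName')} ({p.get('projectId')}): {p.get('alertCount')} "
        f"alert(s) via {', '.join(map(str, p.get('packages') or []))}"
        for p in projects)

def run_gate(cve_id, av_binary="av"):
    """Run the lookup (needs a prior `av login`) and classify the result."""
    try:
        proc = subprocess.run([av_binary, "exposure", cve_id, "--json"],
                              capture_output=True, text=True)
    except OSError as exc:  # binary missing or not executable
        return LOOKUP_FAILED, str(exc)
    return classify(cve_id, proc.returncode, proc.stdout)

# Constructed sample; packages as a list of strings is an assumption.
SAMPLE = json.dumps({"cveId": "CVE-2021-44228", "projects": [
    {"projectId": "p-1", "projectName": "billing-api",
     "packages": ["log4j-core"], "alertCount": 2}]})

if __name__ == "__main__":
    code, detail = (run_gate(sys.argv[1]) if len(sys.argv) > 1
                    else classify("CVE-2021-44228", 0, SAMPLE))
    print(detail)
    sys.exit(code)
```

Run with a CVE ID as the only argument to query the real CLI; without arguments it classifies the constructed sample.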
  • av check - pre-flight a package for known CVEs before you add it