# Surface vulnerability data in failed Scorecard rules

[CQL captures](/standardize/cql.md#captures) allow you to extract specific values from entity data when a rule fails, making it easier for engineers to understand what went wrong. A typical use of captures is to show key quality metrics, such as code coverage, or detailed data like vulnerabilities in Scorecard rule failure messages. This helps engineers quickly understand why a rule is failing for an entity.

### Surface security vulnerability information from custom data <a href="#example-2-surface-security-vulnerability-information-from-custom-data" id="example-2-surface-security-vulnerability-information-from-custom-data"></a>

You can [configure custom data](https://app.gitbook.com/o/RD51qiGImxmmq8NjALb1/s/JW7pYRxS4dHS3Hv6wxve/ingesting-data-into-cortex/entities/custom-data) to track any information you want to surface, or you can choose to track information pulled in from third-party integrations.

1. Determine what vulnerability data to display.

   * In this case, custom data is configured to include details like alert name, score, severity, and detection date.

   Example custom data under key `security-data`:

```
"alerts": [
      {
        "vulnName": "CV-2844",
        "alertName": "CVA-2844",
        "vulnScore": 5.2,
        "alertStatus": "ACTIVE",
        "productName": "AssetManager",
        "vulnSeverity": "MEDIUM",
        "alertDetected": "2025-05-08T10:49:07Z"
      }
    ]
```

2. ​[While configuring](https://app.gitbook.com/o/RD51qiGImxmmq8NjALb1/s/JW7pYRxS4dHS3Hv6wxve/standardize/scorecards#step-1-configure-the-basic-scorecard-fields) a Scorecard, add a rule that uses captures to pull in the data you want to make more visible: `captures("security", custom('security-data')).get("alerts").length == 0`
3. In the rule's **Failure message** field, configure captures to pull in the relevant information. The following example captures vulnerability information from the custom security data into a table:

```
# Your entity is failing because of an unresolved vulnerability

## Table of data

| Product Name | Alert Name | Score | Severity | Date Detected |
| :---: | :---: | :---: | :---: | :---: |
{{#context.evaluation.captures.security.alerts}}
| {{productName}} | {{alertName}} | {{vulnScore}} | {{vulnSeverity}} | {{alertDetected}} |
{{/context.evaluation.captures.security.alerts}}
```

4. After evaluation, inspect the failing rule in the Scorecard. Click into the affected entity and expand the rule to see the vulnerability details in a structured format.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cortex.io/guides/security/vulnerabilities-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.