Surface vulnerability data in failed Scorecard rules

CQL captures allow you to extract specific values from entity data when a rule fails, making it easier for engineers to understand what went wrong. A typical use of captures is to show key quality metrics, such as code coverage, or detailed data like vulnerabilities in Scorecard rule failure messages. This helps engineers quickly understand why a rule is failing for an entity.

Surface security vulnerability information from custom data

You can configure custom data to track any information you want to surface, or you can choose to track information pulled in from third-party integrations.

  1. Determine what vulnerability data to display.

     • In this case, custom data is configured to include details like alert name, score, severity, and detection date.

     Example custom data under key `security-data`:

     ```json
     {
       "alerts": [
         {
           "vulnName": "CV-2844",
           "alertName": "CVA-2844",
           "vulnScore": 5.2,
           "alertStatus": "ACTIVE",
           "productName": "AssetManager",
           "vulnSeverity": "MEDIUM",
           "alertDetected": "2025-05-08T10:49:07Z"
         }
       ]
     }
     ```
  2. While configuring a Scorecard, add a rule that uses captures to pull in the data you want to make more visible: `captures("security", custom('security-data')).get("alerts").length == 0`

  3. In the rule's Failure message field, configure captures to pull in the relevant information. The following example captures vulnerability information from the custom security data into a table:

     ```markdown
     # Your entity is failing because of an unresolved vulnerability

     ## Table of data

     | Product Name | Alert Name | Score | Severity | Date Detected |
     | :---: | :---: | :---: | :---: | :---: |
     {{#context.evaluation.captures.security.alerts}}
     | {{productName}} | {{alertName}} | {{vulnScore}} | {{vulnSeverity}} | {{alertDetected}} |
     {{/context.evaluation.captures.security.alerts}}
     ```
  4. After evaluation, inspect the failing rule in the Scorecard. Click into the affected entity and expand the rule to see the vulnerability details in a structured format.
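To see what the rule and failure message above produce for an engineer, here is an added Python example (not Cortex code). It assumes the template engine expands each `{{#path}}...{{/path}}` section once per list item, and the renderer below is a minimal stand-in for that; the sample custom data is the page's `security-data` example.

```python
import json
import re

# Constructed sample: the custom data stored under key "security-data" on this page.
SECURITY_DATA = json.loads("""{
  "alerts": [
    {"vulnName": "CV-2844", "alertName": "CVA-2844", "vulnScore": 5.2,
     "alertStatus": "ACTIVE", "productName": "AssetManager",
     "vulnSeverity": "MEDIUM", "alertDetected": "2025-05-08T10:49:07Z"}
  ]
}""")

# The rule's failure message template from this page.
FAILURE_TEMPLATE = """# Your entity is failing because of an unresolved vulnerability

## Table of data

| Product Name | Alert Name | Score | Severity | Date Detected |
| :---: | :---: | :---: | :---: | :---: |
{{#context.evaluation.captures.security.alerts}}
| {{productName}} | {{alertName}} | {{vulnScore}} | {{vulnSeverity}} | {{alertDetected}} |
{{/context.evaluation.captures.security.alerts}}"""

SECTION_RE = re.compile(r"\{\{#([\w.]+)\}\}\n?(.*?)\{\{/\1\}\}\n?", re.DOTALL)
VAR_RE = re.compile(r"\{\{([\w.]+)\}\}")


def evaluate_rule(custom_data):
    """Stand-in for the CQL rule: capture the custom data under the name
    "security" and pass only when its "alerts" list is empty."""
    captures = {"security": custom_data}
    return len(captures["security"].get("alerts", [])) == 0, captures


def lookup(context, dotted):
    node = context
    for key in dotted.split("."):  # walk context.evaluation.captures.security.alerts
        node = node[key]
    return node


def render_failure_message(template, captures):
    """Expand each section block once per captured alert, filling in its fields."""
    context = {"context": {"evaluation": {"captures": captures}}}

    def expand(match):
        items, body = lookup(context, match.group(1)), match.group(2)
        return "".join(VAR_RE.sub(lambda v: str(item[v.group(1)]), body) for item in items)

    return SECTION_RE.sub(expand, template)


if __name__ == "__main__":
    passed, captures = evaluate_rule(SECURITY_DATA)
    if not passed:
        print(render_failure_message(FAILURE_TEMPLATE, captures))
```

With one ACTIVE alert the rule fails and the rendered message contains one table row for `AssetManager` / `CVA-2844`; an entity whose `alerts` list is empty passes and shows no message.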
