Centralized Vulnerability Inventory: Search, Filter, and Export
The Inventory View in Hopper provides a unified list of all vulnerabilities across your projects and applications. It enables centralized triage, efficient filtering, and actionable insights into what matters most, whether you're dealing with traditional open-source dependencies or AI model risks.
This guide explains how to explore OSS vulnerabilities and Hopper’s AI Inventory using advanced filters, metadata, and exports.
Open Source Vulnerabilities View
Search, Filter, and Prioritize at Scale
You can filter OSS vulnerabilities by:
- Severity, including CVSS and EPSS scores
- Reachability
- Suggested Fix and Fix Effort estimates
- Package Usage
- Package Depth
- Build System Type
- Crown Jewels and Custom Tags
- Hide "no suggested fix" vulnerabilities
- Show ignored vulnerabilities
- Show issues with Applications only
- Show CISA KEV vulnerabilities only
Save your custom filter views to avoid recreating them.
Drill Into Details with the Tray View
Click on any row to open the detail tray, which includes:
- CVE number and aliases
- Severity and EPSS
- Reachability status
- Fixable status and effort
- Dependency type (direct or transitive)
- CWE and vulnerability type
- Package name and version
- Summary
- Suggested fix with direct link to SCM
- Full call graph, exportable as JSON
Export Options
Filtered project or application lists can be exported in CSV or JSON format. Exports reflect any filters or tag selections applied, making them useful for reporting, triage sessions, and audit documentation.