countVulnerabilitiesByRisk

The countVulnerabilitiesByRisk function analyzes a collection of vulnerabilities and returns counts grouped by risk severity levels. It calculates risk both from probability/impact combinations and CVSS scores.

{vulnerabilities | countVulnerabilitiesByRisk}
  • vulnerabilities (object): An object containing a rows array of vulnerability objects. Each vulnerability should have:
    • probability (string): Probability level
    • impact (string): Impact level
    • cvss_score (number, optional): CVSS score (0-10)

The function returns an object containing:

  • critical: Count of Critical severity vulnerabilities (probability/impact based)
  • high: Count of High severity vulnerabilities (probability/impact based)
  • medium: Count of Medium severity vulnerabilities (probability/impact based)
  • low: Count of Low severity vulnerabilities (probability/impact based)
  • info: Count of Informational severity vulnerabilities (probability/impact based)
  • criticalCvss: Count of Critical severity vulnerabilities (CVSS based, 9.0-10.0)
  • highCvss: Count of High severity vulnerabilities (CVSS based, 7.0-8.9)
  • mediumCvss: Count of Medium severity vulnerabilities (CVSS based, 4.0-6.9)
  • lowCvss: Count of Low severity vulnerabilities (CVSS based, 0.1-3.9)
  • infoCvss: Count of Informational severity vulnerabilities (CVSS based, 0)

The function adds two properties to each vulnerability object:

  • risk: The calculated risk level based on probability/impact
  • cvssRisk: The risk level based on CVSS score

{project.vulnerabilities | countVulnerabilitiesByRisk}
// Returns: {
//   critical: 2,
//   high: 5,
//   medium: 8,
//   low: 3,
//   info: 1,
//   criticalCvss: 1,
//   highCvss: 4,
//   mediumCvss: 7,
//   lowCvss: 5,
//   infoCvss: 2
// }

{project.vulnerabilities | countVulnerabilitiesByRisk | get:"critical"}
// Returns: 2

{project.vulnerabilities | countVulnerabilitiesByRisk | get:"high" | greaterThan:0}
// Returns: true if there are high severity vulnerabilities

{vulnerabilities | countVulnerabilitiesByRisk}
// Use the returned object to populate a risk summary table

  • Executive summary risk statistics
  • Vulnerability distribution charts
  • Risk-based prioritization reports
  • Compliance reporting requiring severity counts
  • Dashboard metrics for security posture
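
The CVSS half of the counting described on this page, as an added JavaScript example that is not the project's own implementation. The band boundaries are the ones listed above; the function names, the label strings written to cvssRisk, the rounding to one decimal place and the separate unscored bucket for rows without a valid cvss_score are assumptions.

```javascript
// Added example, not the project's code. Band boundaries are the ones listed on
// this page; label strings, rounding and the "unscored" bucket are assumptions.
const CVSS_BANDS = [
  { key: "criticalCvss", label: "Critical", min: 9.0 },
  { key: "highCvss", label: "High", min: 7.0 },
  { key: "mediumCvss", label: "Medium", min: 4.0 },
  { key: "lowCvss", label: "Low", min: 0.1 },
  { key: "infoCvss", label: "Info", min: 0.0 },
];

function cvssBand(score) {
  if (typeof score !== "number" || !Number.isFinite(score) || score < 0 || score > 10) {
    return null; // cvss_score is optional: missing or out-of-range values get no band
  }
  // CVSS scores carry one decimal place. Normalise first so a value such as 3.96
  // is treated as 4.0 instead of falling between the 3.9 and 4.0 boundaries.
  const rounded = Math.round(score * 10) / 10;
  return CVSS_BANDS.find((band) => rounded >= band.min);
}

function countByCvssBand(vulnerabilities) {
  const counts = { criticalCvss: 0, highCvss: 0, mediumCvss: 0, lowCvss: 0, infoCvss: 0, unscored: 0 };
  const rows = (vulnerabilities && vulnerabilities.rows) || [];
  for (const vuln of rows) {
    const band = cvssBand(vuln.cvss_score);
    if (band === null) {
      counts.unscored += 1; // kept visible so unscored findings are not read as "Info"
      continue;
    }
    vuln.cvssRisk = band.label; // mirrors the cvssRisk property the page says is added
    counts[band.key] += 1;
  }
  return counts;
}

// Constructed sample rows, including boundary values and a row with no CVSS score.
const sampleVulnerabilities = { rows: [
  { probability: "High", impact: "High", cvss_score: 9.8 },
  { probability: "High", impact: "Medium", cvss_score: 8.9 },
  { probability: "Medium", impact: "High", cvss_score: 7.0 },
  { probability: "Medium", impact: "Medium", cvss_score: 4.0 },
  { probability: "Low", impact: "Medium", cvss_score: 3.96 },
  { probability: "Low", impact: "Low", cvss_score: 3.9 },
  { probability: "Low", impact: "Low", cvss_score: 0 },
  { probability: "Medium", impact: "Low" },
] };
console.log(countByCvssBand(sampleVulnerabilities));
```

Reporting the unscored count next to the CVSS counts makes it clear when the CVSS totals and the probability/impact totals cover different numbers of findings.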