Documentation Index
Fetch the complete documentation index at: https://docs.plerion.com/llms.txt
Use this file to discover all available pages before exploring further.
With plerion vulnerabilities, you can query vulnerabilities across your cloud assets and manage vulnerability exemptions.
For more about vulnerabilities in the Plerion dashboard, see Vulnerabilities.
Synopsis
plerion vulnerabilities <subcommand> [options]
Subcommands
list
List vulnerabilities with filtering.
plerion vulnerabilities list [options]
Options
| Flag | Type | Description |
|---|
--severity | string | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL (comma-separated) |
--provider | string | Cloud provider: AWS, Azure, GCP, Kubernetes (case-insensitive) |
--has-kev | flag | Only CISA Known Exploited Vulnerabilities |
--has-exploit | flag | Only vulnerabilities with known exploits |
--has-vendor-fix | flag | Only vulnerabilities with a vendor fix available |
--is-exploitable | flag | Only exploitable vulnerabilities |
--is-exempted | boolean | Filter by exemption status (true or false) |
--asset-id | string | Filter by asset ID(s) |
--vulnerability-id | string | Filter by CVE/vulnerability IDs (comma-separated) |
--asset-group-id | string | Filter by asset group IDs (comma-separated) |
--environment-id | string | Filter by environment IDs or names (comma-separated) |
--execution-id | string | Filter by execution IDs (comma-separated) |
--region | string | Filter by cloud region(s) |
--integration-id | string | Filter by integration IDs |
--sort-by | string | Sort field (e.g. hasKev, severityLevelValue, firstObservedAt) |
--sort-order | string | asc or desc |
--package-name | string | Filter by package name |
--target-name | string | Filter by target name |
--target-type | string | Filter by target type |
--target-class | string | Filter by target class (e.g. lang-pkgs, os-pkgs) |
--start | string | First observed start date (ISO 8601) |
--end | string | First observed end date (ISO 8601) |
--per-page | number | Results per page (max 2000) |
--all | flag | Fetch all pages automatically |
exemptions list
plerion vulnerabilities exemptions list --profile-id <id> [--per-page N] [--all]
| Flag | Type | Description |
|---|
--profile-id | string | (required) Profile ID or default |
--per-page | number | Results per page (default: 100, max: 1000) |
--all | flag | Fetch all pages automatically |
exemptions get
plerion vulnerabilities exemptions get --profile-id <id> --id <exemption-id>
exemptions create
plerion vulnerabilities exemptions create --profile-id <id> --name <n> --reason <r> --conditions <json> --audit-note <note>
| Flag | Type | Description |
|---|
--reason | string | (required) Exemption reason. Validated against allowed values (see below) |
--conditions | string | (required) Conditions JSON. Must include at least one of: vulnerabilityIds, assetGroupIds, assetIds, assetRegions, assetTags |
--audit-note | string | (required) Audit note (max 250 chars) |
The --conditions, --reason, and --audit-note flags are all required when creating an exemption.
Reason values
| Value | Description |
|---|
ACCEPTED_RISK | Risk has been accepted |
COMPENSATING_CONTROL | A compensating control is in place |
NO_VENDOR_FIX | No vendor fix is available |
NOT_IN_USE | The vulnerable component is not in use |
OTHER_REASONS | Other reasons (provide details in name) |
exemptions update
plerion vulnerabilities exemptions update --profile-id <id> --id <exemption-id> [--name <n>] [--reason <r>] [--audit-note <note>] [--conditions <json>]
| Flag | Type | Description |
|---|
--audit-note | string | Updated audit note |
--conditions | string | Updated conditions (JSON) |
exemptions delete
plerion vulnerabilities exemptions delete --profile-id <id> --id <exemption-id>
Examples
# Critical vulnerabilities with known exploits
plerion vulnerabilities list --severity CRITICAL --has-exploit
# CISA KEV list
plerion vulnerabilities list --has-kev --output table
# All critical and high vulnerabilities
plerion vulnerabilities list --severity CRITICAL,HIGH --all --output json > vulns.json
# Create an exemption
plerion vulnerabilities exemptions create \
--profile-id my-profile \
--name "Accepted CVE-2022-22965" \
--reason ACCEPTED_RISK \
--conditions '{"vulnerabilityIds":["CVE-2022-22965"]}' \
--audit-note "Accepted risk per security review"
# List exemptions
plerion vulnerabilities exemptions list --profile-id my-profile
# Fetch all exemptions across all pages
plerion vulnerabilities exemptions list --profile-id my-profile --all
# Delete an exemption
plerion vulnerabilities exemptions delete --profile-id my-profile --id ex-abc123
Output columns
Table output includes all fields returned by the API:
| Column | Description |
|---|
| CVE / ID | CVE identifier or Plerion vulnerability ID |
| TITLE | Vulnerability title |
| SEVERITY | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
| SEVERITY VALUE | Numeric CVSS-style severity score |
| SEVERITY SOURCE | Source of the severity rating |
| PROVIDER | Cloud provider |
| ASSET ID | Affected asset ID |
| ASSET TYPE | Asset type |
| TARGET NAME | Affected package or target name |
| DESCRIPTION | Vulnerability description |
| PRIMARY URL | Link to CVE or advisory |
| KEV | CISA Known Exploited Vulnerability |
| EXPLOIT | Has known exploit |
| FIX | Vendor fix available |
| PUBLISHED | Publication date |
| FIRST OBSERVED | First observed timestamp |
| LAST OBSERVED | Last observed timestamp |
| INTEGRATION ID | Integration ID |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| EXECUTION ID | Scan execution ID |
| SCHEMA VERSION | API schema version |
Exemptions output columns
| Column | Description |
|---|
| ID | Exemption ID |
| PROFILE ID | Profile the exemption belongs to |
| NAME | Exemption name/description |
| REASON | Exemption reason |
| AUDIT NOTE | Auditor note |
| CREATED BY | User who created the exemption |
| UPDATED BY | User who last updated the exemption |
| CREATED AT | Creation timestamp |
| UPDATED AT | Update timestamp |
