React/Vite dashboard for importing vulnerability scanner output and turning it into a reportable view with asset, IP, service, CVE, severity, and remediation context intact.
- Auto-detects and normalizes Nessus CSV exports
- Auto-detects and normalizes Nessus
.nessus/ XML exports - Auto-detects and normalizes Rapid7 Nexpose / InsightVM CSV exports
- Auto-detects and normalizes Nexpose XML exports
- Parses Nmap
.nmapoutput into dashboard-ready findings - Supports generic CSV and Excel uploads through manual column mapping
- Preserves richer finding context during import, including port, protocol, service, CVEs, description, solution, scanner, and source file
- Keeps per-host and per-service findings distinct instead of collapsing them into a single deduped issue
- Enriches findings against CISA KEV data when CVEs match
- Exports reports to standalone HTML and PDF
- Persists imported data, customer name, visualization settings, and import metadata in
localStorageuntil cleared
- Summary cards for findings, severity, assets, IPs, CVEs, and remediation coverage
- Severity, score, asset, and IP visualizations
- Finding, asset, IP, frequency, service/port, and KEV tables
- Scanner/source breakdown and top remediation/service exposure summaries
Automatic import:
.csvfor Nessus and Nexpose/InsightVM exports.nessusand.xmlfor Nessus and Nexpose XML exports.nmapfor Nmap output
Manual mapping:
.csv.xlsx.xls
If a tabular file is not recognized as a scanner export, the app falls back to manual column mapping.
npm ci
npm run devAvailable scripts:
npm run build
npm run build:dev
npm run lint
npm run previewRun with Docker Compose:
docker-compose up --buildOr build and run the image directly:
docker build -t vulnerability-dashboard .
docker run -p 8888:8888 vulnerability-dashboardThe containerized app is served at http://localhost:8888.
- KEV data is fetched from CISA and cached locally for 24 hours; if it is unavailable, the dashboard continues without KEV matches.
- Demo data can be generated with
fake-nessus-results.py. - The project still contains some generated UI scaffolding from its original Lovable bootstrap.