Vulnerability alerts

Organization admins can use Settings → Vulnerability Alerts to configure email summaries for vulnerability activity in an organization.

Organization vulnerability summary email

The Organization vulnerability summary email sends a periodic summary when automated SBOM vulnerability scans find new vulnerabilities for the organization. The email helps teams notice newly introduced risk without having to manually check the Platform every day.

When enabled, the summary can include:

• Counts for newly found critical, high, and known-exploited vulnerabilities.
• Projects or SBOM reports that were newly affected, with links back to the Platform.
• Current organization totals for critical, high, and known-exploited vulnerabilities.
• The top affected projects in the organization.

Manual SBOM uploads remain visible in the Platform's SBOM and vulnerability views, but they do not by themselves trigger the automated vulnerability summary email.

Configure recipients

1. Open Settings → Vulnerability Alerts.
2. Under Summary email recipients, enter each recipient's RunSafe Platform login email.
3. Select Add after each address.
4. Turn on Organization vulnerability summary email.
5. Select Save changes.

Recipients must already be users in the organization. Add or invite users from Settings → Users before adding them as alert recipients.

At least one recipient is required before the summary email can be enabled. To stop summary emails, turn off Organization vulnerability summary email and save the change.

Related documentation

• Users and invites
• SBOMs, vulnerabilities, license compliance, and risk reduction
• Vulnerability compliance