If a local appsec-data.json file is present with a last-scan timestamp less than the configured automatic scan period, no initial data on vulnerabilities is fetched and the list of vulnerabilities appears empty.
We can approach this in two ways:
always scan the SBOM for vulnerabilities at startup
cache a local list of vulnerabilities from the last scan
If a local
appsec-data.jsonfile is present with a last-scan timestamp less than the configured automatic scan period, no initial data on vulnerabilities is fetched and the list of vulnerabilities appears empty.We can approach this in two ways: