As platform capabilities evolve quickly, the security risk increases. Platform teams must keep shipping fast while maintaining strong security. Engineers don’t need more security tools; they need better signals earlier. At Upbound, we’re committed to building security directly into the platform engineering experience, starting with the Upbound Marketplace and the Official Packages used by teams to build and operate platforms with confidence.

When CVEs are discovered only after images are pulled, scanned, and deployed, teams are forced to go into a reactive mode. Fixes become urgent, upgrades become risky, and security slows delivery, especially when teams are forced to jump to newer versions even though older, stable releases may include backported security fixes. Platform teams require a solution that keeps them proactive without adding friction. 

Today, we are announcing Vulnerability Summaries in Upbound Marketplace. A new way to see vulnerability data while you are browsing and deciding what to deploy. 

Is This Version Safe To Deploy?

In the past, answering a simple question, “Is this version safe to deploy?” often meant a longer process, requiring time, tooling, and context switching as images were pulled and external scanners were run. 

With Vulnerability Summaries in Upbound Marketplace, you don’t need to do image pulls and external scans; you now have immediate visibility into known CVEs for Upbound Official Packages. Vulnerability Summaries also make it easier to understand the actual risk of each version, whether you’re adopting the latest release or relying on an older version with backported fixes. This allows platform and security teams to assess risk earlier, stay informed, and collaborate with the right information in front of them before anything reaches production.

Risk at a Glance With Vulnerability Summaries

Each Official Package listing includes a Vulnerability Summary in the top-right version navigation selector. 

These summaries display the most recent CVE counts grouped by CVSS 3.0 severity. CVSS scoring helps teams understand both the severity and characteristics of software vulnerabilities, making it easier to compare versions and identify higher-risk releases. Vulnerability Summaries provide a clear, visual signal of risk across versions and can be used to inform automation that gates or approves deployments based on vulnerability thresholds. This makes it easier to distinguish between versions that are truly higher risk and older versions that remain secure through maintained and backported vulnerability fixes.

With this view, teams can quickly:

• Identify versions with high-severity vulnerabilities

• Compare security posture across releases

• Select safer versions without guesswork

Diving Deep With Detailed CVE Views

With the detailed version view, teams can now inspect each CVE in detail, including:

• Severity and affected package versions

• Links to authoritative CVE advisories

• Available fixes

• Detailed descriptions of the vulnerability and potential exploit paths

• Known exploits, when available

This level of transparency supports better conversations between platform and security teams and removes ambiguity from upgrade decisions.

Security Context at the Right Moment

The Upbound Marketplace gives platform teams the trust signals they need before anything reaches production. Vulnerability Summaries bring security context directly into the decision-making moment, when teams are choosing which version to deploy.

By surfacing vulnerability data where platform teams already work, Upbound helps teams move faster without sacrificing security.