Web Traffic & CVE Enrichment Help
Geo analytics from RUM data, library vulnerability scanning, and enrichment settings.
Ingest RUM Events
Embed rum.js in your web app. Visitor country data populates as RUM events arrive.
Enable Geo Lookup
Turn on IP geo-lookup in Settings โ Enrichment to resolve visitor IPs to countries for the map.
Enable CVE Scanning
Turn on CVE scanning in Settings โ Enrichment to auto-scan detected libraries daily against OSV.dev.
| Chart | Description |
|---|---|
| World Map | Visitor counts by country, rendered with Apache ECharts. Requires IP geo-lookup to be enabled in Enrichment Settings. |
| Browsers |
Distribution of browser families (Chrome, Firefox, Safari, etc.) extracted from the RUM user_agent field.
|
| Operating Systems | Distribution of visitor OS platforms (Windows, macOS, Linux, iOS, Android, etc.). |
| Timezones | Distribution of display timezones reported by the RUM client, indicating where your users are located. |
| Languages | Distribution of browser language preferences reported by the RUM client. |
| Devices | Distribution of device types (desktop, mobile, tablet) from the RUM event device field. |
Use the Filters accordion at the top of the Web Traffic page to narrow the date range for all charts simultaneously.
- From / To โ ISO date-time or relative shortcuts. All charts update when the form is submitted.
- Leaving both empty shows data for all time.
Country resolution uses geoip2fast (MIT license) โ a bundled local database derived from IANA/RIR delegated statistics (public domain). No external API calls, no registration, and no API key is required.
- All lookups are performed locally inside the SOBS process; no data leaves your environment.
- Results are cached in-process for performance.
- Enable under Settings โ Enrichment โ IP Geo-lookup.
| Endpoint | Description |
|---|---|
| GET /api/web-traffic/geo | Country visitor counts (used by the world map). |
| GET /api/web-traffic/browsers | Browser distribution data. |
| GET /api/web-traffic/os | Operating system distribution data. |
| GET /api/web-traffic/timezones | Timezone distribution data. |
| GET /api/web-traffic/languages | Language distribution data. |
| GET /api/web-traffic/devices | Device type distribution data. |
The CVE Findings page surfaces known vulnerabilities in software libraries detected from your OTEL span attributes. Scanning is powered by OSV.dev โ no API key required.
- Auto-scan โ runs daily in the background. Library names are extracted from incoming OTEL attributes.
- Scan now โ manually trigger a re-scan from the CVE Findings page header button.
- Detected Libraries accordion โ review which libraries were observed and selected for scanning.
- Disposition โ mark each finding as false positive, accepted, won't fix, or resolved to track remediation state.
CVE quality improves when release and dependency metadata is continuously refreshed from repository settings. Sobs supports both polling and optional realtime push modes.
- Polling mode (default) โ uses GitHub read APIs with conditional requests to limit rate usage.
- Realtime push mode (optional) โ CI posts release metadata to Sobs using a managed ingest API key.
- Webhook acceleration (optional) โ can reduce refresh latency when repo admins approve webhook setup.
For setup details, see Repositories Help.
| Endpoint | Description |
|---|---|
| GET /api/enrichment/cve/findings | List all CVE findings with optional severity filter. |
| POST /api/enrichment/cve/scan | Trigger an on-demand CVE scan immediately. |
| POST /api/enrichment/cve/findings/<osv_id>/disposition |
Set a disposition on a specific finding ({"disposition": "false_positive"}).
|