Lifecycle & Obsolescence

This report highlights lifecycle exposure (EOL/obsolete/unsupported/deprecated signals) as a modernization driver:

• where obsolete platforms/software appear in findings

• how widespread they are (affected hosts)

• suggested upgrade target state (catalog-driven) and optional narrative

Output

• Per scan: output/<scan_name>/lifecycle.html

Optional model artifact (only when metadata export is enabled):

• output/<scan_name>/lifecycle_model.json

Model JSON is written when notifications.include_run_metadata: true.

How to generate

CLI:

miyabi-qualys-ai-triage-pack run --config config/config.yaml

Configuration

Enable/disable:

• reports.lifecycle.enabled: true|false

Catalog:

• reports.lifecycle.catalog.enabled

• reports.lifecycle.catalog.catalog_path (default: data/lifecycle_catalog.yaml)

UI options:

• reports.lifecycle.ui.enable_filters

• reports.lifecycle.ui.max_rows_render

• reports.lifecycle.ui.max_versions_per_item

Optional LLM narrative (guardrailed / JSON-only):

• reports.lifecycle.llm.enabled

• reports.lifecycle.llm.model

• reports.lifecycle.llm.max_items_for_llm

Data sources (Qualys CSV fields)

Primary:

• Title, QID, Severity, Category

• evidence excerpts from Results / Instance (best-effort, capped)

• asset identifiers: FQDN/DNS/NetBIOS/IP, and sometimes OS (if present)

Interpretation notes

• Lifecycle classification is keyword/regex driven (deterministic). It does not claim exploitability.

• Version extraction is best-effort and intentionally capped to avoid dumping raw results into the report.

Troubleshooting

No lifecycle items detected

Your scan/export may not include lifecycle-related titles/categories, or they do not match the catalog patterns.

No versions shown

The export may not include Results/Instance data, or the finding format does not contain a parsable version string.