A Vulnerability Audit associates the Application Dependencies of a project with their associated Vulnerabilities. Each Vulnerability is associated with a score (Common Vulnerability Scoring System V2 or V3). A vulnerable Application Dependency can be ignored based on the configuration of the Vulnerability Audit. maxObservedCvssV2Score, maxObservedCvssV3Score and vulnerableArtifactsCount do not take into account non-vulnerable Application Dependency.