Hi Ewen,
CVA Integration with CESM is in the pipeline and through CESM you would be able to see vulnerability report.
Please do take a note of "Edit-->Scheduler" option, with the addition of this we have made sure that user doesn't have to bother about running CVA manually but he can schedule it at certain interval and with the help of option "Run in background" and "Prompt if vulnerable application is found before exiting" he can only be bothered by CVA if any vulnerable application is found else it will simply create the report, if selected, and exit.
Thanks
-umesh