Create a new Manage action from DejaCode Product to get a Vulnerability Summary #155
Assignees
Labels
design needed
Design details needed to complete the issue
enhancement
New feature or request
risk
evaluate severity, exploitability, and context factors to determine a vulnerability risk score
Comments
DennisClark
added
design needed
DennisClark
moved this to In Progress
in CRAVEX moved to https://github.com/orgs/aboutcode-org/projects/8
DennisClark
added
the
risk
|
@DennisClark Revisiting this issue, it seems that this was already implemented as the new "Vulnerabilities" tab in the Product details view. See #173 The missing pieces are Policy and Exploitability which will be handled in their own #97 and #98 issues. Let me know if we can close this one. |
pombredanne
moved this from In Progress
to Done
in CRAVEX moved to https://github.com/orgs/aboutcode-org/projects/8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Objective is to improve visibility of vulnerabilities associated with Product Inventory Items and to manage them. The basic concept is roughly equivalent to the License summary currently available on a Product Inventory.
Add a "Vulnerability summary" option to the Manage dropdown on Product Inventory.
Present a new form that lists the vulnerabilities associated with the Product Inventory items, including the following columns:
VulnerableCode URL (same field currently displayed on a Package with a vulnerability)
Summary (same field currently displayed on a Package with a vulnerability)
Policy (new field -- see related issue #97 )
Exploitability (new field -- see related issue #98 )
Items (equivalent to the Items column on the License summary)
{{other fields to be determined, such as VEX Status and a link to VEX details}}
Highlight items with an alert level policy (more details to be provided).
The text was updated successfully, but these errors were encountered: