Add global Vulnerability list #95 #171
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
|
@tdruez @pombredanne Prioritization of Vulnerabilities in DejaCode depends on the implementation of these things: VCIO: Calculate vulnerability risk DejaCode: Vulnerabilities policy I think that those items are the most practical way to support a prioritization process in DejaCode. |
|
@tdruez @pombredanne the new Vulnerabilities option from the Tools dropdown menu works quite well, and the performance is surprisingly fast. I think it is probably ready to deploy. |
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Signed-off-by: tdruez <tdruez@nexb.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the context of #95
This PR introduces a new "Vulnerability" list view, available from the "Tools" menu when
enable_vulnerablecodedb_accessis enabled.The overall goal is to rank and prioritize package vulnerabilities.
The current implementation focuses on ranking/sorting: Vulnerabilities can be sorted and filtered by severity score. It's also possible to sort by the count of affected packages to help prioritize.
The current progress is about displaying the data collected from VulnerableCode.
@pombredanne @DennisClark I now need your input on how we want to implement the "prioritize" layer, ie: data entered by DejaCode users, specific to a Dataspace.
New fields? Status, priority? What are the actions a user can do about one or a selection of Vulnerabilities? And the consequences of those actions on the Vulnerability behavior in the UI. Let's make sure those new fields are aligned with the output format we plan to support (CycloneDX VEX etc..)