Be able to accept the Risk of a specific CVE for all projects and future projects #10832
resphantom started this conversation in Ideas
Replies: 0 comments
For some reason someone submitted a failing test as a critical vulnerability on the golang stdlib, which is a very commonly used lib. The problem is that this same vulnerability/test stretches over multiple versions, and people are not even sure whether it is a vulnerability or not.
Personally, I would like to accept the risk for all our products and move on until people are absolutely sure it is a vulnerability. Unfortunately, we have around 100+ products, and a decent chunk of them use this library. I don't want to mitigate each one of them with the same reason, including future components of this finding.
Is it possible to have a method that can just take a 'vulnerability id' and mitigate that specific id for all projects and future projects with a reason?
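As an added illustration of the mechanism the post asks for (example code written for this page, not code from the tool in question or from the post's author): one risk-acceptance rule keyed by vulnerability ID, carrying a reason, an owner and an expiry date, is matched against findings from every project, including findings ingested later for new components. The vulnerability ID, project names, component names and dates are placeholders, and the findings list is constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional

# Placeholder identifier standing in for the disputed Go stdlib finding; not a real CVE.
EXAMPLE_VULN = "CVE-0000-00000"

# Hypothetical review dates used by the demo: one inside the rule's lifetime, one past it.
REVIEW_DATE = date(2025, 6, 1)
AFTER_EXPIRY = date(2025, 10, 1)


@dataclass(frozen=True)
class Finding:
    """One scanner result: a vulnerability reported against a component of a project."""
    project: str
    component: str
    version: str
    vuln_id: str
    severity: str


@dataclass(frozen=True)
class RiskAcceptance:
    """A single global rule: accept vuln_id in every project (and future ones) for a reason.

    `expires` forces a re-review once upstream confirms or rejects the report, so the
    acceptance cannot silently become permanent. `component` optionally narrows the rule
    to one package so an unrelated finding with the same ID is not swallowed.
    """
    vuln_id: str
    reason: str
    owner: str
    expires: date
    component: Optional[str] = None

    def matches(self, finding: Finding, today: date) -> bool:
        if today > self.expires:
            return False
        if finding.vuln_id.upper() != self.vuln_id.upper():
            return False
        return self.component is None or finding.component == self.component


def triage(findings: Iterable[Finding], rules: Iterable[RiskAcceptance], today: date):
    """Split findings into (still_open, accepted); accepted entries carry the rule applied.

    Because matching is done per finding against the rule set, a finding from a project or
    component that did not exist when the rule was written is handled the same way.
    """
    rule_list = list(rules)
    still_open, accepted = [], []
    for finding in findings:
        rule = next((r for r in rule_list if r.matches(finding, today)), None)
        if rule is None:
            still_open.append(finding)
        else:
            accepted.append((finding, rule))
    return still_open, accepted


# Constructed sample: the same stdlib finding across several products, plus an
# unrelated finding in one of them that must remain open.
SAMPLE_FINDINGS = [
    Finding("billing-api", "golang/stdlib", "1.21.5", EXAMPLE_VULN, "Critical"),
    Finding("auth-gateway", "golang/stdlib", "1.22.1", EXAMPLE_VULN, "Critical"),
    Finding("reporting", "golang/stdlib", "1.20.9", EXAMPLE_VULN, "Critical"),
    Finding("reporting", "github.com/example/lib", "2.3.0", "CVE-0000-11111", "High"),
]

GLOBAL_RULES = [
    RiskAcceptance(
        vuln_id=EXAMPLE_VULN,
        reason="Upstream report is a failing test, not a confirmed exploitable issue; "
               "reassess when the advisory is finalised.",
        owner="appsec",
        expires=date(2025, 9, 30),
        component="golang/stdlib",
    )
]


if __name__ == "__main__":
    still_open, accepted = triage(SAMPLE_FINDINGS, GLOBAL_RULES, REVIEW_DATE)
    for finding, rule in accepted:
        print(f"ACCEPTED {finding.project}/{finding.component} {finding.vuln_id}: {rule.reason}")
    for finding in still_open:
        print(f"OPEN     {finding.project}/{finding.component} {finding.vuln_id}")
    # A finding that arrives later for a new service needs no extra rule entry.
    later = Finding("new-service", "golang/stdlib", "1.23.0", EXAMPLE_VULN, "Critical")
    print("later finding accepted:", bool(triage([later], GLOBAL_RULES, REVIEW_DATE)[1]))
```

The expiry date is the part worth keeping whatever tool you use: the post's premise is that nobody yet knows whether the report is real, so an acceptance with no end date turns "until people are sure" into "forever". Scoping the rule to the component as well as the ID keeps a same-ID finding in another package from being hidden.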