Be able to accept the Risk of a specific CVE for all projects and future projects #10832
resphantom started this conversation in Ideas
Replies: 0 comments
For some reason someone submitted a failing test as a critical vulnerability on the Go stdlib, which is a very commonly used library. The problem is that this same vulnerability/test stretches over multiple versions, and people are not even sure whether it is a vulnerability or not.
Personally I would like to accept the risk for all our products and move on until people are absolutely sure it is a vulnerability. Unfortunately we have around 100+ products, and a decent chunk of them use this library. I don't want to mitigate each one of them with the same reason, including future components of this finding.
Is it possible to have a method that can just take a 'vulnerability id' and mitigate that specific id for all projects and future projects with a reason?
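One way to express a single "accept the risk" decision for one vulnerability id and apply it to every product at once, without touching each project, is a CycloneDX VEX document: one `vulnerabilities[]` entry with an `analysis` block (state, justification, free-text `detail` carrying the reason) and an `affects` list naming the products it covers. The script below is an added example, not code from the discussion or from any particular scanner: it builds such a document and then applies it to a constructed set of findings from several projects. The vulnerability ids, product names and purls are placeholders, and the rule that a decision with no `affects` array applies to every project (including ones that do not exist yet) is this example's own convention, not CycloneDX semantics.

```python
"""Accept one vulnerability id across many products with a single CycloneDX
VEX document, then apply that document to every project's finding list.

Added example, not code from the discussion or from any scanner; the
vulnerability ids, product names and findings below are constructed."""
import json
from dataclasses import dataclass

# Analysis states and justifications defined by the CycloneDX schema (1.4+).
VALID_STATES = {"resolved", "resolved_with_pedigree", "exploitable",
                "in_triage", "false_positive", "not_affected"}
VALID_JUSTIFICATIONS = {"code_not_present", "code_not_reachable",
                        "requires_configuration", "requires_dependency",
                        "requires_environment", "protected_by_compiler",
                        "protected_at_runtime", "protected_at_perimeter",
                        "protected_by_mitigating_control"}
# States that close a finding; in_triage and exploitable leave it open.
SUPPRESSING_STATES = {"resolved", "resolved_with_pedigree",
                      "false_positive", "not_affected"}


def build_vex(vuln_id, state, justification, detail, product_refs=None):
    """Build a CycloneDX 1.5 VEX document carrying one analysis decision.

    product_refs lists the bom-refs of the products the decision covers.
    Passing None omits the optional `affects` array; apply_vex (below) then
    treats the decision as global, which is this example's own convention
    for 'all projects and future projects', not CycloneDX semantics."""
    if state not in VALID_STATES:
        raise ValueError(f"unknown analysis state {state!r}")
    if state == "not_affected" and justification not in VALID_JUSTIFICATIONS:
        raise ValueError("not_affected requires a schema-defined justification")
    if not detail.strip():
        raise ValueError("record the reason; an unexplained suppression is unauditable")
    vuln = {"id": vuln_id, "analysis": {"state": state, "detail": detail}}
    if justification:
        vuln["analysis"]["justification"] = justification
    if product_refs is not None:
        vuln["affects"] = [{"ref": ref} for ref in product_refs]
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "vulnerabilities": [vuln]}


@dataclass(frozen=True)
class Finding:
    project: str      # bom-ref / name of the product the finding belongs to
    component: str    # purl of the vulnerable component
    vuln_id: str      # CVE / GHSA id reported by the scanner


def apply_vex(findings, vex):
    """Split findings into (still_open, suppressed) under the VEX decisions."""
    global_ids, scoped = set(), set()
    for vuln in vex.get("vulnerabilities", []):
        if vuln["analysis"]["state"] not in SUPPRESSING_STATES:
            continue
        if "affects" not in vuln:
            global_ids.add(vuln["id"])          # example convention: global
        else:
            scoped.update((a["ref"], vuln["id"]) for a in vuln["affects"])
    still_open, suppressed = [], []
    for f in findings:
        covered = f.vuln_id in global_ids or (f.project, f.vuln_id) in scoped
        (suppressed if covered else still_open).append(f)
    return still_open, suppressed


# Constructed findings: three products, three of them carrying the same
# stdlib advisory and one carrying an unrelated advisory.
SAMPLE_FINDINGS = [
    Finding("billing-api", "pkg:golang/stdlib@1.21.0", "CVE-0000-00001"),
    Finding("billing-api", "pkg:golang/example.com/lib@1.2.3", "CVE-0000-00002"),
    Finding("auth-service", "pkg:golang/stdlib@1.20.5", "CVE-0000-00001"),
    Finding("new-project", "pkg:golang/stdlib@1.22.0", "CVE-0000-00001"),
]

if __name__ == "__main__":
    vex = build_vex("CVE-0000-00001", "not_affected", "code_not_reachable",
                    "Disputed upstream; reported as a failing test, no known "
                    "exploitable path. Re-review when upstream confirms.")
    print(json.dumps(vex, indent=2))
    still_open, suppressed = apply_vex(SAMPLE_FINDINGS, vex)
    print("open:", [(f.project, f.vuln_id) for f in still_open])
    print("suppressed:", [(f.project, f.vuln_id) for f in suppressed])
```

The reason lives in `analysis.detail`, so every suppressed finding carries the same audit trail, and the state `in_triage` deliberately suppresses nothing, which is the honest choice while the upstream question is still open. Scanners that ingest CycloneDX VEX can consume the generated document directly; for those that only expose a per-project analysis API, the same loop over `SAMPLE_FINDINGS` becomes a loop over projects that posts one identical decision each.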