
system wide vulnerability management #1495

Open
@bovy89

Description

@bovy89

Hi,
I would like to congratulate you, because this is a great project, but I'm going to describe some "usability problems" that in my opinion need improvement to make this project even better:

Our environment:

  • dependencytrack version: 4.4
  • a lot of projects
  • use cases:
    - in a CI environment: the CI pipeline will fail if a vulnerability >= high is found
    - analyze stale projects for new vulnerabilities based on the latest uploaded BOM

Usability problems:

  1. A new vulnerability in a library used by almost all projects has been published but not fixed yet (e.g. GHSA-57j2-w4cx-62h2). If a fix for our projects needs to be released, it will be blocked by the CI pipeline check. Right now I must suppress and manage that vulnerability on every project. It would be great if we could also manage vulnerabilities "globally": managing vulnerabilities on every project is not sustainable and leads to errors.
  2. Right now we can suppress/manage a vulnerability on every project, but there is no view of the active suppressions that have been made (I need to track them somewhere else, and combined with problem 1 that is a huge management problem). It would be great if there were a recap view of all managed/suppressed vulnerabilities, so we can figure out what is suppressed and needs to be patched when a fix is released.
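Until something like this lands in the product, both points can be worked around from the outside with a small script against the REST API. The following is an added example, not code from the Dependency-Track project or from the issue author: it applies one suppression decision to every project that carries a given vulnerability (point 1) and builds a cross-project recap of everything currently suppressed (point 2), plus the severity gate a CI job would run on the unsuppressed findings. The endpoint paths (GET /api/v1/project, GET /api/v1/finding/project/{uuid}?suppressed=true, PUT /api/v1/analysis), the X-Api-Key header and the JSON field names are my reading of the v4 API and should be checked against /api/swagger.json on your own instance; the DT_URL and DT_API_KEY environment variables and the sample projects are constructed for the demonstration, and "EXAMPLE-0002" is a placeholder, not a real vulnerability id.

```python
"""Added example, not code from the Dependency-Track project or the issue author.

Endpoint paths, header and JSON field names are assumptions based on the v4
REST API; verify them against /api/swagger.json on your instance. The sample
data at the bottom is constructed so the logic can be exercised offline.
"""
import json
import os
import urllib.request

SEVERITY_RANK = {"UNASSIGNED": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}


def is_suppressed(finding):
    # Only triaged findings carry an "analysis" object (assumed field layout).
    return bool(finding.get("analysis", {}).get("isSuppressed", False))


def ci_gate(findings, threshold="HIGH"):
    """Unsuppressed findings at or above `threshold`; an empty list means pass."""
    limit = SEVERITY_RANK[threshold]
    return [f for f in findings
            if not is_suppressed(f)
            and SEVERITY_RANK.get(f["vulnerability"]["severity"], 0) >= limit]


def suppression_recap(projects):
    """vulnId -> sorted project names in which that vulnerability is suppressed."""
    recap = {}
    for p in projects:
        for f in p["findings"]:
            if is_suppressed(f):
                recap.setdefault(f["vulnerability"]["vulnId"], set()).add(p["name"])
    return {v: sorted(names) for v, names in recap.items()}


def analysis_payloads(projects, vuln_id, state, comment, suppress=True):
    """One PUT /api/v1/analysis body per (project, component) that carries vuln_id,
    i.e. a 'global' decision applied project by project. Field names are assumed."""
    bodies = []
    for p in projects:
        for f in p["findings"]:
            if f["vulnerability"]["vulnId"] != vuln_id:
                continue
            bodies.append({
                "project": p["uuid"],
                "component": f["component"]["uuid"],
                "vulnerability": f["vulnerability"]["uuid"],
                "analysisState": state,
                "comment": comment,
                "isSuppressed": suppress,
            })
    return bodies


def api(base, key, method, path, body=None):
    """Minimal JSON call against a Dependency-Track instance (assumed X-Api-Key auth)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method,
                                 headers={"X-Api-Key": key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_projects(base, key, page_size=100):
    """All projects with their findings, suppressed ones included (paged listing assumed)."""
    projects, page = [], 1
    while True:
        batch = api(base, key, "GET", f"/api/v1/project?pageNumber={page}&pageSize={page_size}")
        if not batch:
            return projects
        for p in batch:
            findings = api(base, key, "GET", f"/api/v1/finding/project/{p['uuid']}?suppressed=true")
            projects.append({"uuid": p["uuid"], "name": p["name"], "findings": findings})
        page += 1


# Constructed sample: two projects sharing one unfixed vulnerability; "EXAMPLE-0002" is a placeholder id.
SAMPLE = [
    {"uuid": "p1", "name": "billing-api", "findings": [
        {"component": {"uuid": "c1"},
         "vulnerability": {"uuid": "v1", "vulnId": "GHSA-57j2-w4cx-62h2", "severity": "HIGH"}},
        {"component": {"uuid": "c2"},
         "vulnerability": {"uuid": "v2", "vulnId": "EXAMPLE-0002", "severity": "CRITICAL"},
         "analysis": {"state": "FALSE_POSITIVE", "isSuppressed": True}}]},
    {"uuid": "p2", "name": "web-frontend", "findings": [
        {"component": {"uuid": "c3"},
         "vulnerability": {"uuid": "v1", "vulnId": "GHSA-57j2-w4cx-62h2", "severity": "HIGH"},
         "analysis": {"state": "IN_TRIAGE", "isSuppressed": True}}]},
]

if __name__ == "__main__":
    base, key = os.environ.get("DT_URL"), os.environ.get("DT_API_KEY")  # assumed env vars
    projects = fetch_projects(base, key) if base and key else SAMPLE
    print("suppressed recap:", suppression_recap(projects))
    print("blocked by gate:", [f["vulnerability"]["vulnId"] for f in ci_gate(projects[0]["findings"])])
    for body in analysis_payloads(projects, "GHSA-57j2-w4cx-62h2", "NOT_AFFECTED", "awaiting upstream fix"):
        if base and key:
            api(base, key, "PUT", "/api/v1/analysis", body)
        else:
            print("would PUT:", body)
```

Run with DT_URL and DT_API_KEY set to talk to a real instance (the key needs the VULNERABILITY_ANALYSIS and VIEW_PORTFOLIO permissions), or without them to see the logic on the sample data. Keep the recap output under version control next to the pipeline config: it is the list of suppressions that must be revisited when upstream ships a fix.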

Labels

enhancement (New feature or request)