Vulnerability attribution support in CEL Policy #973
Labels: enhancement (New feature or request), help wanted (Extra attention is needed), p2 (Non-critical bugs, and features that help organizations to identify and reduce risk)
Vulnerability attribution-based CEL policy is a way to automate the handling of vulnerabilities based on the source that reports them and related attributes. This can be useful for reducing the number of false positives and ensuring that only the most serious vulnerabilities are investigated.
In this example, the policy would automatically suppress a vulnerability if it is only reported by one source and not by the other three sources (OSV, SNYK, and GitHub). This is because it is possible that the vulnerability is not actually a real problem, or that it is a false positive. By suppressing these vulnerabilities, we can save time and resources.
Conversely, the policy would automatically escalate a vulnerability if it is reported by multiple sources. This is because it is more likely that the vulnerability is real if it is seen by multiple sources. By escalating these vulnerabilities, we can ensure that they are investigated promptly.
This type of policy can be helpful for security teams that are overwhelmed with a large number of vulnerabilities. By automating the handling of some of these vulnerabilities, security teams can focus their resources on the most critical threats.
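The triage logic described above, as an added example that is not part of this issue or of the project's own CEL policy engine: it models the attribution step (merging per-source findings into one record per vulnerability with the set of sources that reported it) and then applies the "single source: suppress, multiple sources: escalate" rule in plain Python. The `Finding`/`Attributed` field names, the decision labels, the severity guard that keeps CRITICAL findings and findings from unknown sources out of automatic suppression, and all vulnerability identifiers in `SAMPLE` are constructed assumptions of this example.

```python
"""Attribution-based vulnerability triage (hypothetical example).

Merge raw findings per (package, vuln_id) across sources, then decide:
  - reported by a single known source only -> "suppress"
  - reported by two or more known sources  -> "escalate"
  - CRITICAL severity or no known source   -> "review" (never auto-suppressed)
Field names, labels and the severity guard are assumptions, not the project's API.
"""
from collections import defaultdict
from dataclasses import dataclass

# Sources named in the issue; anything else is treated as unknown attribution.
SOURCES = ("OSV", "SNYK", "GITHUB")
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Finding:
    """One raw finding as emitted by a single scanner or database (assumed shape)."""
    source: str    # which scanner/database reported it
    vuln_id: str   # vulnerability identifier (constructed placeholders below)
    package: str
    severity: str  # LOW / MEDIUM / HIGH / CRITICAL


@dataclass(frozen=True)
class Attributed:
    """One vulnerability with the full set of sources that attributed it."""
    vuln_id: str
    package: str
    severity: str           # highest severity any source assigned
    reported_by: frozenset  # normalised (upper-cased) source names


def attribute(findings):
    """Group findings by (package, vuln_id) and record every reporting source."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f.package, f.vuln_id)].append(f)
    result = []
    for (package, vuln_id), items in sorted(groups.items()):
        sources = frozenset(i.source.upper() for i in items)
        severity = max((i.severity.upper() for i in items),
                       key=lambda s: SEVERITY_RANK.get(s, -1))
        result.append(Attributed(vuln_id, package, severity, sources))
    return result


def decide(vuln, escalate_at=2, never_suppress=("CRITICAL",)):
    """Apply the attribution rule to one merged vulnerability record."""
    known = vuln.reported_by & set(SOURCES)
    if len(known) >= escalate_at:
        return "escalate"
    # Guard (assumption): critical findings and findings whose only attribution
    # is an unknown source go to a human instead of being suppressed.
    if vuln.severity in never_suppress or not known:
        return "review"
    return "suppress"


def triage(findings):
    """Return {"package:vuln_id": decision} for every attributed vulnerability."""
    return {f"{v.package}:{v.vuln_id}": decide(v) for v in attribute(findings)}


# Constructed sample findings; identifiers and packages are placeholders.
SAMPLE = [
    Finding("osv", "VULN-0001", "lodash", "HIGH"),
    Finding("snyk", "VULN-0001", "lodash", "MEDIUM"),
    Finding("github", "VULN-0001", "lodash", "HIGH"),   # three sources agree
    Finding("snyk", "VULN-0002", "minimist", "LOW"),    # single source only
    Finding("osv", "VULN-0003", "express", "CRITICAL"), # single source, but critical
    Finding("internal-scanner", "VULN-0004", "yargs", "MEDIUM"),  # unknown source
]

if __name__ == "__main__":
    for key, decision in triage(SAMPLE).items():
        print(f"{key}: {decision}")
```

The attribution step is the part worth getting right: the rule only works if the same vulnerability reported by different scanners collapses into one record, which here is keyed on package and identifier; in practice identifiers also need alias resolution (for example a CVE and the advisory id that refers to it) before the source count means anything.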