Currently you can't add new vulnerabilities via VEX. I believe DT is open to a contribution that would allow adding of vulnerabilities via a VDR.
-
Hi everybody,
I'm a user of Dependency Track and I stumbled upon one thing while managing Debian OS:
```json
...
        "ba693957-3ea9-47a4-9d32-5f82289f0474"
      ]
    },
    {
      "ref" : "ea7ba059-5056-4920-b39d-9059aa07765b",
      "dependsOn" : [
        "60ed6906-d48a-4b2a-a32a-d14074b1218d",
        "769b1261-094f-4930-84f7-6b8588d3ab02",
        "e59b3c6b-26bc-4f97-895c-e0e74a923160",
        "2dd55dc8-13aa-4889-a469-0ea486ba70ab",
        "e1d40b85-8fd6-491f-9d08-adefa91f6123",
        "7f105c61-ba09-4912-b04a-1ee5c257a34d"
      ]
    }
  ],
  "vulnerabilities" : [
    {
      "bom-ref" : "15dfa830-80b7-47a9-8763-3b867253d3d2",
      "id": "CVE-2023-12345",
      "source" : {
        "name" : "Debian Security Tracker",
        "url" : "https://security-tracker.debian.org/"
      },
      "ratings" : [
        {
          "source" : {
            "name" : "Debian Security Tracker",
            "url" : "https://security-tracker.debian.org/"
          },
          "score" : 5.3,
          "severity" : "medium",
          "method" : "CVSSv3",
          ...
```
The syntax has been checked OK, but when I upload it in the Apply VEX menu, nothing changes and I have this log in the Docker container of the backend:
```
2024-12-24 13:58:12,430 [] INFO [org.dependencytrack.tasks.VexUploadProcessingTask] Processing CycloneDX VEX uploaded to project: 6e22f48e-a5e5-4433-8c96-e377fb7b774f
2024-12-24 13:58:12,512 [] INFO [org.dependencytrack.parser.cyclonedx.CycloneDXVexImporter] The project AIO Debian does not have any vulnerabilities; Skipping VEX import
```
Has anyone already encountered this? Is it possible to add a vulnerabilities section to the SBOM so that DT can recognize those vulnerabilities?
Regards
GxFab
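
An added example, not part of the original posts and not Dependency-Track's own code: a pre-upload check that models the two behaviours described in this thread (a project with no findings skips the VEX entirely, and VEX entries cannot create new findings). It assumes entries are matched on vulnerability id only; `vex_preflight`, `known_ids`, the sample document and `CVE-2023-99999` are constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX VEX shaped like the fragment posted above.
# CVE-2023-99999 is a made-up id standing in for a finding the project already has.
SAMPLE_VEX = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "vulnerabilities": [
    {"id": "CVE-2023-12345",
     "source": {"name": "Debian Security Tracker",
                "url": "https://security-tracker.debian.org/"},
     "analysis": {"state": "not_affected"}},
    {"id": "CVE-2023-99999",
     "source": {"name": "NVD"},
     "analysis": {"state": "resolved"}}
  ]
}
""")


def vex_preflight(vex, known_ids):
    """Predict which VEX entries can be applied to a project.

    known_ids: vulnerability ids the project already lists as findings
    (assumption: exported by the caller; matching here is by id only).
    """
    entries = vex.get("vulnerabilities") or []
    known = set(known_ids)
    if not known:
        # Mirrors the log line above: no findings, so the whole import is skipped.
        return {"skipped": True, "matched": [],
                "unmatched": [e.get("id") for e in entries]}
    matched, unmatched = [], []
    for entry in entries:
        vuln_id = entry.get("id")
        # A VEX entry only annotates an existing finding; it never creates one.
        (matched if vuln_id in known else unmatched).append(vuln_id)
    return {"skipped": False, "matched": matched, "unmatched": unmatched}


if __name__ == "__main__":
    print(vex_preflight(SAMPLE_VEX, []))                  # empty project
    print(vex_preflight(SAMPLE_VEX, ["CVE-2023-99999"]))  # one existing finding
```

Any id that ends up in `unmatched` is one the upload would leave without effect under these assumptions.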