Support for vulnerability tags
Currently, the tagging system is restricted to projects only. It is imperative to expand this functionality to include vulnerability tags, allowing for the communication of additional metadata related to vulnerabilities. Unlike project tags, the information associated with vulnerability tags can be provided by the sources of vulnerabilities. Therefore, it is crucial to capture the source of the tag (e.g., Snyk vs internal).
Exact requirements need to be discussed before implementation.
- Vulnerability tags, if created by a source, say SNYK, should be immutable. If created by a user, they can be edited. This might need the use of attributions.
- Do we need tags? Or can they be replaced by vulnerability properties (k-v pairs)? This might lead to redundant data in case multiple vulns have the same property.
Tagging as good first issue since the requirement in itself is rather simple.
Sized as L because it will involve a bit more work. Note that we can implement this in stages. The underlying requirement of being able to tag vulnerabilities should be an M sized task at most.
Already implemented.