Joynext Cybersecurity Incident Response Team
EPSS is created and managed by the "first.org" team, who also created the CVSS Calculator for CVEs. DT mirrors the EPSS tables daily and represents them in the GUI. I believe for...
> The purpose of VEX is to only include vulnerability exploitability information relevant to the product (a project in Dependency-Track), not individual components. The VEX definition and the minimum fields...
> DT should support GitHub Packages. I have not personally tried it, but assuming GitHub implements the proper semantics and APIs for Maven, Pypi, npm, etc, then you should be...
> Perhaps even make it configurable to enable/disable support for pre-releases when identifying the latest version. This is what I look for. At second is the link to the related...
Hello, JIRA Publisher is the exact topic we are trying to realize now. May I ask you when this will be available (next release?) or how we can create/implement it in our...
**Current Behavior:** The notification email's subject is hard coded now and contains the project name (twice) only. E.g.: "New Vulnerability Identified on Project: [[PROJECTID]: [PROJECTID] : [VERSION]]" **Proposed Behavior:** add...
According to syalioune: My previous answer still applies. While v4.6.0 introduced customization features, it was for the notification body content. The notification title, thus email subject, is unfortunately still hardcoded....
Hi Mark, thanks a lot!
VDR is interesting and probably the correct way. But the simplest way could be to add a Component BOM-REF string into the VEX export. Currently only the Project BOM-REF is available in VEX. So...
> This is precisely what VDR will provide. Great! Thanks!