Andrés Tito

icon company @Rohde-Schwarz icon location Munich, Germany icon location MSc Communication & Electronics @ TUM | Product Security & Embedded Security Enthusiast | How Much Coffee Is Too Much Coffee? ☕

Results 4 comments of Andrés Tito

Offer alias-based de-duplication of vulnerabilities

Hi @nscuro we would like to discuss our approach to tackle this issue. ![image](https://github.com/DependencyTrack/dependency-track/assets/52439101/a217b4d2-201a-4171-91de-78636fde143f) > The most desired approach would be to favor CVE's over any of the alternative identifiers....

Offer alias-based de-duplication of vulnerabilities

> Why not to use some internal Dependency-Track id (e.g. INT-1234) as a main identifier for vulnerabilities and put identifiers from public vulnerability databases in the alias section from the...

Avoid duplicates with alias BACKEND

> Not sure if I fully understand the PR. Does it only one vulnerability, the one from the source with the highest priority? > > It feels to me that...

Avoid duplicates with alias BACKEND

Hi @valentijnscholten @nscuro Thank you for your comments on the PR. You're right that a more ideal solution would be to **modify the data model** to have one vulnerability with...