
CRAVEX: Alerting/notification

Open pombredanne opened this issue 1 year ago • 2 comments

Create a system to provide an alert/notification when new, not-yet-processed vulnerabilities are uncovered.

pombredanne avatar May 08 '24 18:05 pombredanne

Refer to issue https://github.com/nexB/dejacode/issues/94 for discussion of the vulnerability lookup process.

DennisClark avatar Jun 24 '24 23:06 DennisClark

We can make use of the existing DejaCode Notifications feature to support this one.

Additionally (or alternatively) we could consider providing an ability to create a workflow request automatically to alert the appropriate users and to track the progress of the analysis and resolution.

DennisClark avatar Jun 24 '24 23:06 DennisClark

@DennisClark let's start with this for now

We can make use of the existing DejaCode Notifications feature to support this one.

pombredanne avatar Dec 02 '24 16:12 pombredanne

@tdruez We can possibly consider triggering a notification based on an update (change) to the Vulnerability Risk field.

DennisClark avatar Dec 17 '24 00:12 DennisClark

I think the new notification should be based on the Package for security reasons, although the message could say something like there is a vulnerability risk change in a package used by one or more of your products.

DennisClark avatar Dec 19 '24 16:12 DennisClark

Notifications implemented in https://github.com/aboutcode-org/dejacode/pull/220/ Documentation available at https://dejacode.readthedocs.io/en/latest/reference-vulnerability-management.html#notifications

tdruez avatar Jan 08 '25 10:01 tdruez