Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CRAVEX: Alerting/notification #106

Open
pombredanne opened this issue May 8, 2024 · 5 comments
Open

CRAVEX: Alerting/notification #106

pombredanne opened this issue May 8, 2024 · 5 comments
Assignees
Labels
design needed Design details needed to complete the issue vulnerabilities Vulnerability Management

Comments

@pombredanne
Copy link
Member

pombredanne commented May 8, 2024

Create a system to provide a alert/notification when new, not-yet-processed vulnerabilities are uncovered

@DennisClark
Copy link
Member

Refer to issue #94 for discussion of the vulnerability lookup process.

@DennisClark
Copy link
Member

We can make use of the existing DejaCode Notifications feature to support this one.

Additionally (or alternatively) we could consider providing an ability to create a workflow request automatically to alert the appropriate users and to track the progress of the analysis and resolution.

@DennisClark DennisClark self-assigned this Jun 24, 2024
@DennisClark DennisClark added the design needed Design details needed to complete the issue label Jun 24, 2024
@pombredanne
Copy link
Member Author

@DennisClark let's start with this for now

We can make use of the existing DejaCode Notifications feature to support this one.

@DennisClark
Copy link
Member

@tdruez We can possibly consider triggering a notification based on an update (change) to the Vulnerability Risk field.

@DennisClark
Copy link
Member

I think the new notification should be based on the Package for security reasons, although the message could say something like there is a vulnerability risk change in a package used by one or more of your products.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
design needed Design details needed to complete the issue vulnerabilities Vulnerability Management
Projects
Status: No status
Development

No branches or pull requests

2 participants