DAST Vulnerability Management

Vulnerability management process

  1. Run the CA triage tool. This will create linked issues with the correct labels for vulnerabilities.
  2. Run Mike's triage helper script. This will resolve any vulnerabilities that are no longer found, and close out any linked issues that are not deviation requests.
  3. If any still-outstanding vulnerabilities have fixes available:
    1. Release a new FIPS image (including the full chain of base images: dast-chromium -> browserker -> dast) to pick up fixes
    2. Re-run container scanning
    3. Re-run vuln management scripts
  4. If any still-outstanding S1/S2 vulnerabilities are within a week of breaching their SLA and have no remediation, follow the documented process to open a DR.
  5. Update this template with corrections and additional information.
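As an added illustration of the decision logic behind steps 2 through 4 (not part of the template and not the CA triage tool or the helper script themselves), the following Python sorts a constructed set of container-scan findings into the same buckets the process uses: resolve findings no longer present, cut a release when a fix exists, and flag S1/S2 findings with no remediation that are within a week of their SLA for a DR. The `Finding` fields, the sample identifiers and dates, and the seven-day window argument are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Finding:
    """One container-scan finding (field names are assumed for this example)."""
    vuln_id: str
    severity: str        # "S1" .. "S4"
    still_found: bool    # present in the latest container scan
    fix_available: bool  # an upstream/base-image fix exists
    sla_due: date        # date on which the remediation SLA breaches


def triage(findings, today, dr_window_days=7):
    """Bucket findings the way the vulnerability management steps do.

    resolve       -> no longer found: close the linked issue
    needs_release -> fix available: rebuild the image chain and rescan
    needs_dr      -> S1/S2, no fix, SLA breaches within dr_window_days
    watch         -> everything else: keep tracking, no action yet
    """
    buckets = {"resolve": [], "needs_release": [], "needs_dr": [], "watch": []}
    window = timedelta(days=dr_window_days)
    for f in findings:
        if not f.still_found:
            buckets["resolve"].append(f.vuln_id)
        elif f.fix_available:
            buckets["needs_release"].append(f.vuln_id)
        elif f.severity in ("S1", "S2") and (f.sla_due - today) <= window:
            # Already-breached findings (negative delta) land here as well.
            buckets["needs_dr"].append(f.vuln_id)
        else:
            buckets["watch"].append(f.vuln_id)
    return buckets


# Constructed sample data; identifiers and dates are not from any real scan.
TODAY = date(2024, 1, 15)
SAMPLE_FINDINGS = [
    Finding("EX-A", "S1", still_found=False, fix_available=False, sla_due=date(2024, 1, 10)),
    Finding("EX-B", "S2", still_found=True, fix_available=True, sla_due=date(2024, 2, 1)),
    Finding("EX-C", "S1", still_found=True, fix_available=False, sla_due=date(2024, 1, 20)),
    Finding("EX-D", "S3", still_found=True, fix_available=False, sla_due=date(2024, 1, 18)),
    Finding("EX-E", "S2", still_found=True, fix_available=False, sla_due=date(2024, 2, 14)),
]


def run_sample():
    """Triage the constructed findings as of the constructed 'today'."""
    return triage(SAMPLE_FINDINGS, TODAY)


if __name__ == "__main__":
    for bucket, ids in run_sample().items():
        print(f"{bucket:14s} {ids}")
```

The S3 finding with an imminent SLA stays in the watch bucket because the DR step only applies to S1/S2; lowering the threshold or the window is a one-argument change if the policy is ever revised.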

/cc @cam_swords @DavidNelsonGL @mikeeddington
/cc @derekferguson @twoodham

Issue created from a template by 🤖 Hall Monitor 🤖

Edited by Arpit Gogia