DAST FIPS Vulnerability Management 16.6
Vulnerability management process
- Run the CA triage tool. This will create linked issues with the correct labels for vulnerabilities.
- Run Mike's triage helper script. This will resolve any no-longer-found vulnerabilities, and close out any linked issues that are not deviation requests.
- If any still-outstanding vulnerabilities have fixes available:
  - Release a new FIPS image (including the full chain of base images: dast-chromium -> browserker -> dast) to pick up fixes
  - Re-run container scanning
  - Re-run vuln management scripts
- If any still-outstanding S1/S2 vulnerabilities are within a week of breaching their SLA and have no remediation, follow the documented process to open a DR.
  - Note that the process documents a number of cases when a DR should not be opened.
- Update this template with corrections and additional information.
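The decision logic behind the steps above (resolve what the latest scan no longer reports, rebuild when a fix exists, flag S1/S2 findings approaching their SLA with no remediation), as an added example that is not the CA triage tool or Mike's script; the issue record fields, the sample findings and the `EXAMPLE-VULN-*` ids are all constructed for illustration.

```python
from datetime import date, timedelta

# Constructed linked-issue records (hypothetical schema, not the real tool output):
# one entry per vulnerability issue still open against the FIPS image.
LINKED_ISSUES = [
    {"id": "EXAMPLE-VULN-1", "severity": "S1", "sla_due": date(2024, 6, 10), "fix_available": False, "is_dr": False},
    {"id": "EXAMPLE-VULN-2", "severity": "S3", "sla_due": date(2024, 8, 1), "fix_available": True, "is_dr": False},
    {"id": "EXAMPLE-VULN-3", "severity": "S2", "sla_due": date(2024, 7, 1), "fix_available": False, "is_dr": False},
    {"id": "EXAMPLE-VULN-4", "severity": "S2", "sla_due": date(2024, 6, 20), "fix_available": False, "is_dr": False},
    {"id": "EXAMPLE-VULN-5", "severity": "S1", "sla_due": date(2024, 6, 30), "fix_available": False, "is_dr": True},
]
# Constructed ids reported by the latest container scan of the rebuilt image chain.
CURRENT_SCAN = {"EXAMPLE-VULN-1", "EXAMPLE-VULN-2", "EXAMPLE-VULN-3"}
TODAY = date(2024, 6, 5)


def triage(issues, current_scan, today, sla_warning=timedelta(days=7)):
    """Split open issues into three action lists:
    resolve  - no longer found by the scanner and not a deviation request (close it)
    rebuild  - still found but a fix exists (release new dast-chromium -> browserker -> dast)
    open_dr  - S1/S2, still found, no fix, and within `sla_warning` of (or past) the SLA
    Deviation requests for vanished findings are left for manual review, not auto-closed.
    """
    resolve, rebuild, open_dr = [], [], []
    for issue in issues:
        vid = issue["id"]
        if vid not in current_scan:
            if not issue["is_dr"]:
                resolve.append(vid)
            continue
        if issue["fix_available"]:
            rebuild.append(vid)
        elif issue["severity"] in ("S1", "S2") and issue["sla_due"] - today <= sla_warning:
            open_dr.append(vid)
    return resolve, rebuild, open_dr


def triage_sample():
    """Run the triage over the constructed records above."""
    return triage(LINKED_ISSUES, CURRENT_SCAN, TODAY)


if __name__ == "__main__":
    resolve, rebuild, open_dr = triage_sample()
    print("resolve:", resolve)   # no longer reported, close the linked issue
    print("rebuild:", rebuild)   # fix available, cut a new FIPS image chain
    print("open DR:", open_dr)   # S1/S2 near SLA breach with no remediation
```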
/cc @cam_swords @DavidNelsonGL @mikeeddington
/cc @derekferguson @twoodham
Edited by Arpit Gogia