Updates to vulnerabilities not showing up on older vulnerabilities
Summary
We have added a lot of enhancements to vulnerability records, but for some reason these updates are not propagating through to older records.
A few things come to mind that aren't showing on older vulnerability records.
- OWASP top 10
- SAST description updates
Example Project
Example
- Vulnerability CWE-89 in db.py
- Rules set contains owasp and updated description that is not present in the vulnerability record linked above
What is the current bug behavior?
Vulnerability records are not updated.
What is the expected correct behavior?
Vulnerability records are updated when new information becomes available. (The status
field should not be updated. This field can be changed by a user with admin_vulnerability
permissions.)
Outcome
Re-running the pipeline will update vulnerabilities. This is now called out in our documentation via this MR, Re-run pipelines to get latest vuln information (!149345 - merged).
Edited by Alana Bellucci