Add filter for vulnerabilities with a fix available and the fixable since date in the Vulnerability Report
Problem to solve
When Container Scanning or Dependency Scanning detects vulnerabilities (CVEs), customers want notifications when fixes are available.
Their policy is to remediate a detected vulnerability within a set timeframe, such as 30, 60 or 90 days, starting as soon as a fix is available.
In the UI, they seek details on when a vulnerability was found and how long the fix has been available. In addition, they want to be able to export this data.
The Vulnerability Report currently provides details on when a vulnerability was detected in a project, but it offers no way to search for vulnerabilities with a fix available and has no information on how long the fix has been available. This prevents customers from effectively tracking remediation timelines to comply with their vulnerability management policies.
Intended users
- Security Analyst
- Developers
User experience goal
When I am managing vulnerabilities for my organization, I want to quickly identify vulnerabilities that have a fix available, so I can take action and remediate those vulnerabilities within 30, 60 or 90 days.
Proposal
Include filters in the Vulnerability Report to search for vulnerabilities with a fix available and the date when it became fixable.