SBOM Enhancements: Addressing Dismissed and Resolved Vulnerabilities
Problem to solve
Currently, the Software Bill of Materials (SBOM) report highlights all vulnerabilities, even those that have been dismissed or resolved. This makes it difficult to get an accurate view of the outstanding security issues.
Proposal
The SBOM report should indicate:
- If a vulnerability was dismissed.
- Reasons for dismissal (e.g., false positive, accepted risk).
- Resolved/fixed vulnerabilities.
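The three items above map naturally onto the `analysis` block that the CycloneDX vulnerability schema (1.4 and later) already defines, with a `state` such as `false_positive`, `not_affected` or `resolved`, an optional `justification`, a `response` list and a free-text `detail`. The example below is added here to illustrate that mapping; it is not GitLab code, and how GitLab would actually encode a dismissal in its SBOM export is an assumption, as is the `DISMISSAL_TO_ANALYSIS` table and the placeholder vulnerability IDs. It annotates findings with a dismissal reason and then derives the "outstanding only" view the proposal asks for.

```python
import json

# Dismissal reasons of the kind the proposal names ("false positive",
# "accepted risk") mapped onto CycloneDX vulnerability analysis states.
# The mapping is an assumption for this example, not a GitLab schema.
DISMISSAL_TO_ANALYSIS = {
    "false_positive": {"state": "false_positive"},
    "accepted_risk": {
        "state": "not_affected",
        "justification": "protected_by_mitigating_control",
        "response": ["will_not_fix"],
    },
    "not_applicable": {"state": "not_affected",
                       "justification": "code_not_reachable"},
    "fixed": {"state": "resolved", "response": ["update"]},
}

# Analysis states under which a finding no longer counts as outstanding.
CLOSED_STATES = {"resolved", "resolved_with_pedigree",
                 "false_positive", "not_affected"}


def annotate(vuln: dict, reason: str, detail: str = "") -> dict:
    """Return a copy of a CycloneDX vulnerability entry with an `analysis` block."""
    if reason not in DISMISSAL_TO_ANALYSIS:
        raise ValueError(f"unknown dismissal reason: {reason}")
    analysis = dict(DISMISSAL_TO_ANALYSIS[reason])
    if detail:
        analysis["detail"] = detail  # who dismissed it and why, for auditability
    return {**vuln, "analysis": analysis}


def outstanding(sbom: dict) -> list[str]:
    """IDs of vulnerabilities still open: no analysis block, or an open state."""
    result = []
    for vuln in sbom.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state", "in_triage")
        if state not in CLOSED_STATES:
            result.append(vuln["id"])
    return result


def dismissed(sbom: dict) -> dict[str, str]:
    """Map of dismissed or resolved vulnerability id -> analysis state."""
    return {
        vuln["id"]: vuln["analysis"]["state"]
        for vuln in sbom.get("vulnerabilities", [])
        if vuln.get("analysis", {}).get("state") in CLOSED_STATES
    }


# Constructed sample SBOM fragment; not real GitLab output, IDs are placeholders.
_REF = "pkg:npm/example-lib@1.0.0"
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [{"type": "library", "name": "example-lib",
                    "version": "1.0.0", "bom-ref": _REF}],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "affects": [{"ref": _REF}]},
        annotate({"id": "EXAMPLE-0002", "affects": [{"ref": _REF}]},
                 "false_positive", "Vulnerable function is not compiled in"),
        annotate({"id": "EXAMPLE-0003", "affects": [{"ref": _REF}]},
                 "accepted_risk", "Mitigated by perimeter control; reviewed"),
        annotate({"id": "EXAMPLE-0004", "affects": [{"ref": _REF}]},
                 "fixed", "Upgraded to 1.0.1"),
    ],
}

if __name__ == "__main__":
    print("outstanding:", outstanding(SAMPLE_SBOM))
    print("dismissed/resolved:", json.dumps(dismissed(SAMPLE_SBOM), indent=2))
```

Keeping the dismissed entries in the document with their `analysis` block, rather than dropping them, preserves the audit trail (who accepted the risk and why) while still letting a consumer compute the outstanding set with `outstanding()`.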
Benefits
These changes will streamline vulnerability tracking, ensuring that the SBOM reflects only relevant, outstanding vulnerabilities.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.