Add EPSS Percentile information

Proposal

This feature proposes adding EPSS (Exploit Prediction Scoring System) Percentile information to vulnerability findings within GitLab.

EPSS provides a probability score (0-100%) indicating how likely a vulnerability is to be exploited in the wild, helping teams prioritize remediation efforts more effectively. EPSS is already integrated in GitLab.

Percentile information adds additional context:

EPSS produces a probability of exploitation activity (a value between 0 and 1) in the next 30 days, which is the primary EPSS score. EPSS also puts that score in context by producing the percentile, which is the proportion of vulnerabilities that are scored at or less than the vulnerability.

From EPSS FAQ (emphasis added)

See also Understanding EPSS probabilities and percentiles.

Edited by 🤖 GitLab Bot 🤖
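The difference between the EPSS probability and its percentile, as an added example that is not part of the original issue or GitLab's code. It computes "proportion scored at or less than" over a small constructed score set with placeholder IDs; the published EPSS percentile is ranked against all scored CVEs, so the function name, IDs and values here are assumptions for illustration.

```python
from bisect import bisect_right


def epss_percentiles(scores):
    """Map each id to the proportion of scored vulnerabilities whose EPSS
    probability is at or below its own (tied scores share one percentile)."""
    for vuln_id, p in scores.items():
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{vuln_id}: EPSS probability {p} outside [0, 1]")
    ordered = sorted(scores.values())
    total = len(ordered)
    # bisect_right counts every entry <= p, which is the "at or less than" rule.
    return {vid: bisect_right(ordered, p) / total for vid, p in scores.items()}


# Constructed sample: placeholder ids and made-up probabilities, skewed
# toward low values the way exploitation probabilities usually are.
SAMPLE = {
    "CVE-EXAMPLE-0001": 0.001,
    "CVE-EXAMPLE-0002": 0.001,
    "CVE-EXAMPLE-0003": 0.002,
    "CVE-EXAMPLE-0004": 0.004,
    "CVE-EXAMPLE-0005": 0.004,
    "CVE-EXAMPLE-0006": 0.009,
    "CVE-EXAMPLE-0007": 0.020,
    "CVE-EXAMPLE-0008": 0.050,
    "CVE-EXAMPLE-0009": 0.300,
    "CVE-EXAMPLE-0010": 0.940,
}


def report(scores):
    """Rows of (id, probability, percentile), highest probability first."""
    pct = epss_percentiles(scores)
    ranked = sorted(scores, key=scores.get, reverse=True)
    return [(vid, scores[vid], pct[vid]) for vid in ranked]


if __name__ == "__main__":
    for vid, prob, pct in report(SAMPLE):
        print(f"{vid}  probability={prob:.3f}  percentile={pct:.0%}")
```

In this sample a finding with a 5% probability sits at the 80th percentile: the absolute chance of exploitation is low, yet it outranks most of the other findings, which is the context the percentile column gives a reviewer.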