Assessment Reporting Error for Missing Justification for `in_triage`
name: Assessment Reporting Error for Missing Justification for state of `in_triage`
about: hoppr-cop assessment
- Version: 1.3.1
- Platform: Linux 75ab7114710d 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Wed Feb 21 21:34:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
The documentation indicates that assessment YAML justification
is required only if state
=not_affected
or false_positive
. Items that are in a state of in_triage
are receiving the an error for a missing justification. example:
YAML
- package:
type: gem
name: json
version: "2.2.0"
assessmentDate: 2024-05-09
vulnerability: CVE-2020-10663
response: update
state: in_triage
detail: Fix Version 2.3.0 or above
yields
CVE-2020-10663 severity:'high' changed to 'low' based Assessment of Impact state
: in_triage. Ref: gem:json:2.2.0 in analysis.assessment.yml
future generated an Assessment exception: '' is not a valid
ImpactAnalysisJustification
Also, what is "future"?
Edited by Luke Benedict