Display Modified Severity Score on STO Security Tests Dashboard Based Upon Snyk Policies
complete
Rubber Scallop
Our organization is interested in adjusting the JSON output (CVSS score) based on the updated Snyk policy (matching our org's severity rating) and displaying the updated value in the STO dashboard.
Canny AI
Merged in a post:
Allow custom severity levels in STO dashboard
Rubber Scallop
In our environment we re-score Snyk OSS vulnerabilities. Instead of having 'critical, high, medium, low, info', we have 'critical, severe, high, medium, low'. The CVSS ranges are slightly different between these two lists. We would like the flexibility to customize the severity levels within the STO dashboard.
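Re-scoring Snyk findings into custom tiers while keeping the original severity visible, as an added example that is not part of this thread and not Harness or Snyk code. It assumes `snyk test --json` output with a `vulnerabilities` list whose entries carry `id`, `severity` and `cvssScore` (and `originalSeverity` when a Snyk policy already changed the level); the org bands are constructed placeholders, since the posts only say the ranges differ.

```python
import json

# Hypothetical org re-scoring bands: (lower CVSS bound, label), highest first.
# Constructed for this example; the real org ranges are not given in the thread.
ORG_BANDS = [
    (9.5, "critical"),
    (8.0, "severe"),
    (6.0, "high"),
    (3.0, "medium"),
    (0.0, "low"),
]


def org_severity(cvss_score, bands=ORG_BANDS):
    """Map a CVSS base score onto the org's severity labels.

    A missing score cannot be placed in a band, so it falls to the lowest
    label rather than silently inheriting the scanner's level.
    """
    if cvss_score is None:
        return bands[-1][1]
    for floor, label in bands:
        if cvss_score >= floor:
            return label
    return bands[-1][1]


def rescore(snyk_report, bands=ORG_BANDS):
    """Re-score every vulnerability in a Snyk JSON report.

    Each result keeps the scanner's severity (and Snyk's own pre-policy
    severity when present) next to the org label, plus a reason string,
    so a dashboard can show original vs. current rather than overwriting.
    """
    results = []
    for vuln in snyk_report.get("vulnerabilities", []):
        snyk_sev = vuln.get("severity")
        # Assumed field: Snyk emits originalSeverity when a policy overrode it.
        original = vuln.get("originalSeverity", snyk_sev)
        score = vuln.get("cvssScore")
        new_sev = org_severity(score, bands)
        results.append({
            "id": vuln.get("id"),
            "cvss": score,
            "snyk_severity": snyk_sev,
            "original_severity": original,
            "org_severity": new_sev,
            "changed": new_sev != snyk_sev,
            "reason": (
                f"org policy: CVSS {score} -> {new_sev}"
                if score is not None else "no CVSS score; defaulted to lowest band"
            ),
        })
    return results


# Constructed sample input in the shape of `snyk test --json` (not a real scan).
SAMPLE_REPORT = {
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "severity": "critical", "cvssScore": 9.8},
        {"id": "SNYK-EXAMPLE-2", "severity": "high", "cvssScore": 8.3},
        {"id": "SNYK-EXAMPLE-3", "severity": "medium", "originalSeverity": "high",
         "cvssScore": 6.2},
        {"id": "SNYK-EXAMPLE-4", "severity": "low", "cvssScore": None},
    ]
}

if __name__ == "__main__":
    print(json.dumps(rescore(SAMPLE_REPORT), indent=2))
```

The point of carrying `snyk_severity`, `original_severity` and `org_severity` together is that exemptions and trend dashboards stay explainable: a reviewer can see that an issue Snyk called "high" is "severe" under the org bands, and why.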
Pritesh Chandaliya
Are you asking to retain the Snyk severity level (so that it overrides the Harness STO severity level)? If yes, we already support it: https://developer.harness.io/docs/security-testing-orchestration/sto-techref-category/snyk/snyk-scanner-reference#show-original-issue-severities-overridden-by-snyk-security-policies
If not, can you please provide more context? Thanks! Rubber Scallop
Canny AI
Merged in a post:
STO Override Results Ranking
Jade Crocodile
Based on our environment, sometimes we want the ability to override how the results are scored or ranked (Critical/High/Medium/Low). It would be fine if it worked at the project level to start, and per scanner of course. We noticed and specifically need it for the Checkmarx One scanner system, which only uses high/medium/low for ranking. Thank you.
Pritesh Chandaliya
We have this as a priority for Q3, where we will provide a way to override the severity on our side with the ones provided by Checkmarx (basically retain their severity). Jade Crocodile, Burnt sienna Crawdad, thanks for the patience.
Pritesh Chandaliya
complete
Burnt sienna Crawdad
Jade Crocodile from PC: I will be doing Q2 planning and once we have all the details I can update that here. Q2 planning will be done on April 15th.
Pritesh Chandaliya
Talked to the VSX team, and they would like to override the severity of the issues and retain the values we get directly from Checkmarx One.
Jade Crocodile
Let me check with my team. I will update shortly. Thank you.
Pritesh Chandaliya
Hello Nathan,
Can you please provide more context on the requirements?
Which of the below workflows are you expecting?
- User overrides the severity on the Checkmarx side, ingests the vulnerability data into Harness, and sees the overridden severity in Harness across the console on issues, exemptions, dashboard, etc.
- User ingests the vulnerability data from Checkmarx into Harness, overrides the severity in Harness (new feature), and sees the overridden severity in the console including on the issues, exemptions and dashboard pages.
Thanks, and open to chat!
Pritesh Chandaliya
We have released the override severity feature for Snyk. Now, if the user has overridden the severity in the Snyk console, the same value will be reflected on the Harness STO page, showing the original and current severity with the correct reason.
Let me know if there is any help required. Thanks!