Exempted Vulnerability Detail should be available in the STO Output and exposed as API
Tremendous Wildebeest
- STO should have the exempted issues with severity details. (Priority : High/Urgent)
- Harness API should provide the detail for the exempted issue with severity and its metadata (issue description, CVE code) for the specific pipeline, project. (Priority : Moderate)
- The STO All Issue Summary Dashboard is not loading and keeps spinning (Priority : Low)
Pritesh Chandaliya
Sure, Rubber Scallop, Monday 15 July 12 pm (noon) PST works for me.
Pritesh Chandaliya
We are actively working on this; by EOW we should be able to share what the O/P will look like.
As we said, we are trying to get all the fields here, including total by severity and total new by severity for the exemptions.
"IgnoredHigh": 0,
"IgnoredMedium": 5,
"IgnoredLow": 5,
"NewIgnoredHigh": 0,
"NewIgnoredMedium": 5,
"NewIgnoredLow": 5
Rubber Scallop
Pritesh Chandaliya Thank you Pritesh! Can I schedule a 30-minute meeting next week with you? Either Monday (15 July) or Tuesday (16 July) at 1 pm CT - 2 pm CT?
Tremendous Wildebeest
Pritesh Chandaliya The current STO output looks like below. Can you please post the expected output after the release of these enhancements?
Scan Results: {
  "jobId": "XXXX",
  "status": "Succeeded",
  "issuesCount": 1,
  "newIssuesCount": 0,
  "issuesBySeverityCount": {
    "ExternalPolicyFailures": 0,
    "NewCritical": 0,
    "NewHigh": 0,
    "NewMedium": 0,
    "NewLow": 0,
    "NewInfo": 0,
    "Unassigned": 0,
    "NewUnassigned": 0,
    "Critical": 0,
    "High": 0,
    "Medium": 0,
    "Low": 1,
    "Info": 0,
    "Ignored": 0
  }
}
Tremendous Wildebeest
Pritesh Chandaliya Can you please provide sample STO output with severity break up?
Pritesh Chandaliya
in progress
Tremendous Wildebeest
Please provide the sample STO output after it includes the exemption with its severity. We will assume the expected STO output after the enhancements and start doing the development to preserve the exemption detail in the SBOM as well as in the Deployment Authorization step.
Tremendous Wildebeest
Hello Pritesh,
We need the first one as soon as possible (Aug 15th is our target, which needs to be developed on top of your fix; please provide the expected output after the fix), so it would be great if you expedite the STO output with severity for exempted issues as other vulnerabilities.
For the second one, what we have in the UI should be enough for now; the API might be useful in case we need to use it.
The Dashboard is not loading with or without any filter. Please set up a call so we can share our screen.
Pritesh Chandaliya
under review
Hello Renga,
Regarding the first request, we have prioritized the work and should have the fix well before 15 Aug. We will provide the fix behind an FF (feature flag) and enable it for your account, as we do not want to expose lots of O/P variables in the existing list. We are trying to provide it sooner so that you can review and provide us feedback.
Regarding the 2nd, we are looking into the fix. We will provide the UI fix, where if you click on Exempted (filter) you will see only the exempted issues. Today you see exempted as well as non-exempted together. This is a regression on our end and we will fix it ASAP.
Regarding the API fix, we are working with engineering to understand the effort and I can provide more info after that.
Regarding 3, can you provide us more information? Did you apply any additional filter, or is the default view itself not loading?
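The deployment-authorization use case raised in the thread, as an added example that is not part of the thread and is not Harness code: a gate that reads the scan output and separates active from exempted counts by severity. It assumes the `Ignored*` field names posted above as proposed (not a final schema) and that they land inside `issuesBySeverityCount`; `exemption_summary`, `authorize` and `max_exempted_high` are hypothetical names.

```python
import json

# Exempted severities as posted in the thread (no exempted-Critical field was shown).
EXEMPT_SEVERITIES = ("High", "Medium", "Low")
ACTIVE_SEVERITIES = ("Critical", "High", "Medium", "Low")

# Constructed sample: current output shape plus the proposed Ignored* fields.
SAMPLE = json.loads("""
{
  "jobId": "XXXX",
  "status": "Succeeded",
  "issuesBySeverityCount": {
    "Critical": 0, "High": 0, "Medium": 0, "Low": 1, "Ignored": 10,
    "IgnoredHigh": 0, "IgnoredMedium": 5, "IgnoredLow": 5,
    "NewIgnoredHigh": 0, "NewIgnoredMedium": 5, "NewIgnoredLow": 5
  }
}
""")

def exemption_summary(scan):
    """Return active and exempted counts per severity.

    'exempted' is None when issues are exempted but the per-severity fields
    are absent (output without the enhancement), so that "unknown" is never
    read as "zero".
    """
    counts = scan.get("issuesBySeverityCount", {})
    active = {s: counts.get(s, 0) for s in ACTIVE_SEVERITIES}
    if any(f"Ignored{s}" in counts for s in EXEMPT_SEVERITIES):
        exempted = {s: counts.get(f"Ignored{s}", 0) for s in EXEMPT_SEVERITIES}
    elif counts.get("Ignored", 0):
        exempted = None  # exemptions exist, severity unknown
    else:
        exempted = {s: 0 for s in EXEMPT_SEVERITIES}
    return {"active": active, "exempted": exempted}

def authorize(scan, max_exempted_high=0):
    """Hypothetical gate: fail closed when exempted severity is unknown."""
    if scan.get("status") != "Succeeded":
        return False, "scan did not succeed"
    summary = exemption_summary(scan)
    if summary["active"]["Critical"] or summary["active"]["High"]:
        return False, "active Critical/High issues"
    if summary["exempted"] is None:
        return False, "exempted issues present without severity breakdown"
    if summary["exempted"]["High"] > max_exempted_high:
        return False, "exempted High issues exceed policy"
    return True, "ok"
```

The summary returned by `exemption_summary` is also the record to carry into the SBOM step, so an exemption stays visible downstream with its severity.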