STO set default scan results for different scan tools
next fiscal quarter
Tan Cod
STO has its own way of calculating vulnerabilities than that of the scan tool. We'd like the ability to use the specific calculation of the scan tool instead of what STO returns. For example, we have a medium severity vulnerability reported by Prisma Scan that Harness is reporting as high/critical. Although Harness does provide the raw scan results from the scanner, we'd like the ability to set the default results to be from Prisma instead of taking the calculation from STO in the Harness UI.
Electronic Emu
We will need the above feature for Anchore scan as well. We consider the original severity from the scan tool more reliable (than the NVD database) as it was provided by the vendor who made the software component available. I would appreciate it if you could prioritize this feature. Thanks!
Pritesh Chandaliya
next fiscal quarter
Pritesh Chandaliya
long-term
Pritesh Chandaliya
under review
We normalize the data across all the scanners and use NVD data for prioritization. That is the reason STO has a separate severity from the scanner.
We will look into it and update you on the ETA.
For now, you can always use the raw data fields to refer to the scanner-specific fields.
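As an added illustration that is not Harness's, STO's or any scanner's own code: a hypothetical normalization step in Python showing how a platform can derive an NVD-based severity from a CVSS v3 base score (the bands below are the standard CVSS v3.x qualitative rating scale), carry the scanner's raw severity alongside it, and expose a `prefer_scanner` switch of the kind this request asks for. It also includes a small triage check that lists findings where the scanner and NVD disagree, which is the situation described above (Prisma medium vs. STO high). Every finding, CVE id and score in the sample is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# CVSS v3.x qualitative severity rating scale: lower bound of each band.
CVSS_BANDS = [(0.0, "none"), (0.1, "low"), (4.0, "medium"), (7.0, "high"), (9.0, "critical")]
SEVERITY_ORDER = ["none", "low", "medium", "high", "critical"]


def cvss_to_severity(score: float) -> str:
    """Map a CVSS v3 base score (0.0-10.0) to its qualitative severity band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    severity = "none"
    for lower_bound, name in CVSS_BANDS:
        if score >= lower_bound:
            severity = name
    return severity


@dataclass(frozen=True)
class Finding:
    scanner: str              # tool that produced the finding, e.g. "prisma"
    cve: str                  # identifier as reported (constructed placeholders below)
    scanner_severity: str     # vendor-assigned severity, taken verbatim from the raw result
    nvd_cvss: Optional[float] # NVD base score, or None if NVD has not scored it


def normalize(finding: Finding, prefer_scanner: bool = False) -> dict:
    """Produce one record with a single effective severity plus the raw fields.

    Default behaviour mirrors the reply above: NVD drives prioritization.
    With prefer_scanner=True the vendor's own rating wins, which is the
    behaviour this feature request asks to be configurable. If NVD has no
    score, the scanner severity is the only option either way.
    """
    scanner_sev = finding.scanner_severity.lower()
    if scanner_sev not in SEVERITY_ORDER:
        raise ValueError(f"unknown scanner severity {finding.scanner_severity!r}")
    nvd_sev = cvss_to_severity(finding.nvd_cvss) if finding.nvd_cvss is not None else None

    if prefer_scanner or nvd_sev is None:
        effective, source = scanner_sev, finding.scanner
    else:
        effective, source = nvd_sev, "nvd"

    return {
        "cve": finding.cve,
        "severity": effective,
        "severity_source": source,
        # Raw fields are always preserved so either view can be audited later.
        "raw": {
            "scanner": finding.scanner,
            "scanner_severity": scanner_sev,
            "nvd_cvss": finding.nvd_cvss,
            "nvd_severity": nvd_sev,
        },
    }


def disagreements(findings: list) -> list:
    """Return (cve, scanner_severity, nvd_severity) for findings where the two differ.

    Useful as a triage report: these are exactly the rows where a normalized
    view and the vendor view would rank the same issue differently.
    """
    out = []
    for f in findings:
        rec = normalize(f)["raw"]
        if rec["nvd_severity"] is not None and rec["nvd_severity"] != rec["scanner_severity"]:
            out.append((f.cve, rec["scanner_severity"], rec["nvd_severity"]))
    return out


# Constructed sample data; the CVE ids are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    Finding("prisma", "CVE-YYYY-0001", "medium", 7.5),    # vendor medium, NVD high
    Finding("anchore", "CVE-YYYY-0002", "critical", 9.8), # both agree
    Finding("anchore", "CVE-YYYY-0003", "low", None),     # not yet scored by NVD
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(normalize(f)["severity"], "vs", normalize(f, prefer_scanner=True)["severity"])
    print("disagreements:", disagreements(SAMPLE_FINDINGS))
```

The design point is that normalization should never discard the vendor's rating: storing both fields and the source of the effective severity makes the platform's choice auditable and lets a team flip the default per scanner without re-ingesting results.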