Replies: 2 comments 1 reply
-
|
I thought about this as well. Would be helpful to have it. It must definitely work with different databases. We have a lot of relationships already, so I am not afraid of another table. Not sure at the moment if to store with the observation or seperately so it can be used for different observations and where to get it from. It should go on the backlog. |
Beta Was this translation helpful? Give feedback.
-
|
@dervoeti Which scanner are you using? I typically work with Trivy and checked these observations. All observations from Trivy with GHSA didn't have a CVE. |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, I think Trivy already prefers the CVE if available. I've used Grype. But I just saw it has the |
Beta Was this translation helpful? Give feedback.
-
In SecObserve, vulnerabilities identified by their GHSA ID don't have an EPSS score. I checked a few GHSA vulnerabilities manually and all of them also had a CVE ID. Github provides an API that lists different identifiers for a GHSA:
https://docs.github.com/en/rest/security-advisories/global-advisories
I think it would be a good idea to store vulnerability aliases in SecObserve as well, to provide more metadata for each finding. The CISA KEV list for example also uses CVE IDs.
In Postgres, arrays could be used, but other databases might not support this. Another idea would be to use a table like this to
JOINthe aliases:Or create a separate table for vulnerabilities and then another table with aliases for those.
This will negatively impact the performance of some queries, because of the need for
JOINs, but I think with indexes this should not be a huge problem.Beta Was this translation helpful? Give feedback.
All reactions