Hi all,
I'm wondering what happens and what should be done when a CVE's details (whether it be CVSS value, EPSS or EPSS percentile) change.
For example, the EPSS score may change throughout the history of a CVE (see https://www.cvedetails.com/epss/CVE-2024-8698/epss-score-history.html).
Then what is supposed to happen in Dependency Track? I imagine (not sure) that DT automatically updates the CVE details.
But if I have already set the dependency as "suppressed", is there a way to automatically 'unsuppress' it? Or is there any way to know that this vulnerability I have already investigated has changed in any way?
What are your thoughts about it? What does Dependency-Track currently offer?
Best regards
Francois