Security Finding Management Service
2025-2026 autumn
Software
Topic description
This is an external topic
The project is to create an automated web service for managing open-source software vulnerability findings, from intake to resolution. It aims to help assess vulnerabilities in the open-source software used by projects.
The projects receive vulnerability notifications from an internal system that generates them based on each project's SBOM. These notifications must be assessed, and a remediation action shall be defined for each of them. Currently there is no automated process that checks these notifications against the project components' repositories and proposes a mitigation action. The development teams get these notifications sporadically in a spreadsheet, which can contain up to multiple thousands of entries, so it is hard to plan for this effort during a release cycle.
External partner: Nokia
Maximum headcount:
1 person