
Remove Dynamic Severity Level #1468

Closed
1 task done
cfabianski opened this issue Jan 15, 2024 · 0 comments · Fixed by #1469
Labels: enhancement (New feature or request)

Comments

cfabianski (Collaborator) commented Jan 15, 2024

Reasoning

  • Dynamic severity level is a nightmare
    • Users don’t understand it
    • We have edge-cases where we create confusion (diff scan without the context etc.)

What we’re trying to do here is “threat-modeling” for the AppSec team, mostly at the application level, considering rules directly tied to sensitive data are very limited.

Proposal

  • Remove dynamic severity level from CLI and Cloud, for findings
  • Create a “business risk score” using the App sensitive data detection that we can show on the Dashboard when we list all the Apps

Questions

  • What do we do with rules directly tied to sensitive data?
    • We keep them and the logic; considering it’s isolated to the code scan, it won’t pose any problems.
@cfabianski cfabianski added the enhancement New feature or request label Jan 15, 2024
@cfabianski cfabianski self-assigned this Jan 15, 2024
@gotbadger gotbadger changed the title Remove Dynamic Security Level Remove Dynamic Severity Level Jan 26, 2024