Support threshold for "unnassigned" vulnerabilities #158
Labels
enhancement
New feature or request
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
At the moment it is not possible to specify thresholds for vulnerabilities of "unassigned" category. I'm assuming this is intended behavior, since "unassigned" vulnerabilities are kind of in limbo.
However, I'm not 100% sure if those should be ignored. In practice, there are some yet unclassified but already confirmed vulnerabilities that are getting unnoticed. For instance, very recently we faced https://nvd.nist.gov/vuln/detail/CVE-2023-1370, which is unclassified at the moment. That vulnerability was already acknowledge and fixed by the vendor.
In our case, it flight under the radar until someone realized we were building/releasing with vulnerabilities.
Describe the solution you'd like
As it is done for other vulnerability categories, I would like to be able to specify thresholds for the "unassigned" vulnerabilities.
Let me know what you think about this solution, or if you recommend another way of dealing with this situation.
If you think this should be implemented, I can work on a MR.
The text was updated successfully, but these errors were encountered: