Replies: 1 comment 1 reply
-
For some parsers the EPSS score is imported if available in the scan report. I believe Defect Dojo Pro has an EPSS sync to enrich vulnerabilities that don't have an EPSS value from scan reports. cc @paulOsinski
-
Hi team,
In a side project we're adding metadata to reports imported into Dojo, things like:
Our approach is to load these databases into Dojo and have the import parsers cross-reference them. These databases are public and actively maintained by the community, so having the data easily linked within Dojo should help in analyzing and prioritizing vulnerabilities.
What would be a recommended approach to integrate these into Dojo? Some specific design points we could use feedback on:
Should the external metadata databases be updated automatically by Dojo itself, or should we make a separate tool (that the user would need to run periodically) to update the metadata?
We are currently leaning toward adding the additional information in a new panel (the foldable blue boxes) in the Finding view. Is this adequate or is there another approach that would be preferable (e.g., putting it directly in the description field)?
(We know there is an ongoing feature freeze; it would also be interesting to get some directions on how to make it easier to rebase on v3 in the future if we decide not to merge on v2.)