DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

include vulnerabilities from other sources than NVD in exploit predictions graph #1899

Open redaabdellah21 opened 2 years ago

redaabdellah21 commented 2 years ago


Current Behavior:

Vulnerabilities reported by OSS Index or GitHub are not in the exploit predictions graph.

Proposed Behavior:

Include these vulnerabilities in the graph so that we can prioritize their audit.


JN-CSIRT commented 2 years ago

EPSS is created and managed by the FIRST.org team, who also created the CVSS calculator for CVEs. DT mirrors the EPSS tables daily and represents them in the GUI. I believe you should address this enhancement to FIRST.
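The practical consequence of the comment above is that EPSS is keyed on CVE identifiers, so a finding whose primary ID is a GHSA or Sonatype identifier only picks up a score if it can be mapped to a CVE. The script below is an added example, not code from the Dependency-Track project: it joins a constructed findings list with a constructed excerpt of the EPSS CSV (the `cve,epss,percentile` layout FIRST publishes) through CVE aliases, and keeps unscored findings visible instead of dropping them. The finding field names (`source`, `vulnId`, `aliases`) are an assumption loosely modelled on Dependency-Track's findings export, and every score and non-NVD identifier is illustrative.

```python
"""Join Dependency-Track style findings with an EPSS mirror via CVE aliases.
Added example; field names and all sample values are constructed."""
import csv
import io
import re

# Constructed excerpt in the column layout FIRST publishes for EPSS.
# Scores are illustrative, not the real values for these CVEs.
EPSS_CSV = """cve,epss,percentile
CVE-2021-44228,0.97565,0.99993
CVE-2022-22965,0.97421,0.99914
CVE-2023-12345,0.00123,0.45210
"""

# Constructed findings. Only the NVD-sourced one carries a CVE as its
# primary ID; the GitHub ones carry a CVE alias; the OSS Index one has none.
# GHSA and sonatype identifiers here are placeholders, not real advisories.
FINDINGS = [
    {"component": "log4j-core", "source": "NVD",
     "vulnId": "CVE-2021-44228", "aliases": []},
    {"component": "spring-beans", "source": "GITHUB",
     "vulnId": "GHSA-aaaa-bbbb-cccc", "aliases": ["CVE-2022-22965"]},
    {"component": "foo-lib", "source": "OSSINDEX",
     "vulnId": "sonatype-2023-0001", "aliases": []},
    {"component": "bar-lib", "source": "GITHUB",
     "vulnId": "GHSA-dddd-eeee-ffff", "aliases": ["CVE-2023-12345"]},
]

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def load_epss(text):
    """Parse an EPSS CSV (cve,epss,percentile) into {cve: (epss, percentile)}."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        table[row["cve"]] = (float(row["epss"]), float(row["percentile"]))
    return table


def cve_candidates(finding):
    """Every CVE the finding can be keyed on: its own ID if it is a CVE,
    plus any CVE listed among its aliases."""
    ids = [finding["vulnId"], *finding.get("aliases", [])]
    return [i for i in ids if CVE_RE.match(i)]


def enrich(findings, epss):
    """Attach EPSS to each finding via its highest-scoring CVE candidate.
    Findings with no scorable CVE keep epss=None so they are not silently
    dropped from a prioritisation view."""
    out = []
    for f in findings:
        scored = [(epss[c], c) for c in cve_candidates(f) if c in epss]
        if scored:
            (score, pct), cve = max(scored)
            out.append({**f, "epss_cve": cve, "epss": score, "percentile": pct})
        else:
            out.append({**f, "epss_cve": None, "epss": None, "percentile": None})
    return out


def prioritise(enriched):
    """Sort by EPSS descending, with unscored findings last rather than absent."""
    return sorted(enriched, key=lambda f: (f["epss"] is None, -(f["epss"] or 0.0)))


if __name__ == "__main__":
    for f in prioritise(enrich(FINDINGS, load_epss(EPSS_CSV))):
        print(f"{f['component']:13} {f['source']:8} {f['vulnId']:22} "
              f"epss={f['epss']} via={f['epss_cve']}")
```

Run against a real export, the same join shows which non-NVD findings are missing a CVE alias and therefore can never appear in an EPSS-driven view; that gap is what the request in this issue is about, and it is on the alias side rather than on the EPSS side.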

redaabdellah21 commented 2 years ago

Hi @JN-CSIRT, thank you, I will try to contact them.