DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Usability of VulnerabilityAudit #3841

Open markusmuellerusi opened 3 weeks ago

markusmuellerusi commented 3 weeks ago

Current Behavior

Audit

- Add EPSS score and EPSS Percentile to the column list (frontend; the backend already supplies the necessary columns).
- Put from/to filter fields in one row (please see the date fields).
- Use a checkbox and a multi-range slider for CVSSv2, CVSSv3 and the new fields EPSS score and EPSS Percentile. The checkbox shows and hides the slider and is responsible for adding them to the query string.
- Make the data types of these fields "number". The checkbox value is better than an empty or non-empty "string".
- Put CVSSv2, CVSSv3, EPSS score and EPSS Percentile on top of all filters. These are the criteria really used for audits, not comments, vendor responses, dates and text searches.
- Do not forget to invert the showInactive flag (getAllFindings, getAllFindingsGroupedByVulnerability):

    // Apply the active-project filter only when inactive projects are NOT requested
    if (!showInactive) {
    //End GOV
        queryFilter.append(" WHERE (\"PROJECT\".\"ACTIVE\" = :active OR \"PROJECT\".\"ACTIVE\" IS NULL)");
        params.put("active", true);
    }

Proposed Behavior

Show the correct projects and make it easier to use. Provide EPSS score and EPSS Percentile. Think about how companies would define their risk appetite.

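As an added example (not code from the issue, its author, or Dependency-Track): a small findings query builder in Python over an in-memory SQLite database that mirrors the `PROJECT.ACTIVE` filter from the snippet in the issue, adds the numeric from/to range filters a CVSS/EPSS slider pair would submit, and, behind an assumed `flag_inverted` switch, reproduces the reported bug in the form the issue describes (the filter gated on `showInactive` instead of `!showInactive`). The table layout, column names, function names and the sample projects and findings are all constructed for the example.

```python
import sqlite3
from typing import Dict, List, Optional, Tuple

Range = Optional[Tuple[float, float]]

# Constructed sample data, not from any real Dependency-Track instance.
# PROJECT.ACTIVE is nullable: a project created without the flag has NULL.
PROJECTS = [
    (1, "billing", 1),
    (2, "legacy-portal", 0),
    (3, "imported-sbom", None),
]
# (project_id, vuln_id, cvssv3, epss_score, epss_percentile)
FINDINGS = [
    (1, "VULN-A", 9.8, 0.92, 0.99),
    (1, "VULN-B", 5.3, 0.01, 0.20),
    (2, "VULN-C", 7.5, 0.40, 0.85),
    (3, "VULN-D", 4.0, 0.70, 0.95),
]


def build_findings_query(show_inactive: bool, flag_inverted: bool = False,
                         cvssv3: Range = None, epss_score: Range = None,
                         epss_percentile: Range = None) -> Tuple[str, Dict[str, object]]:
    """Assemble SQL plus named parameters for a findings audit query.

    flag_inverted=True reproduces the reported bug (assumed form): the
    active-project filter was gated on showInactive instead of !showInactive,
    so hiding inactive projects actually showed them and vice versa.
    """
    sql = ('SELECT P."NAME", F."VULN_ID" FROM "FINDING" F '
           'JOIN "PROJECT" P ON P."ID" = F."PROJECT_ID"')
    clauses: List[str] = []
    params: Dict[str, object] = {}

    apply_active_filter = show_inactive if flag_inverted else not show_inactive
    if apply_active_filter:
        # Same shape as the snippet in the issue: ACTIVE = true OR ACTIVE IS NULL.
        # Without the IS NULL arm, projects whose flag was never set would vanish.
        clauses.append('(P."ACTIVE" = :active OR P."ACTIVE" IS NULL)')
        params["active"] = 1

    # Numeric range filters, as a from/to slider pair would submit them.
    # Values go in as bound parameters, never into the SQL text.
    for column, rng in (("CVSSV3", cvssv3), ("EPSS_SCORE", epss_score),
                        ("EPSS_PERCENTILE", epss_percentile)):
        if rng is None:
            continue
        lo, hi = rng
        clauses.append(f'F."{column}" BETWEEN :{column}_lo AND :{column}_hi')
        params[f"{column}_lo"] = float(lo)
        params[f"{column}_hi"] = float(hi)

    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += ' ORDER BY F."VULN_ID"'
    return sql, params


def open_db() -> sqlite3.Connection:
    """In-memory SQLite schema (constructed) with the two tables the query touches."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        'CREATE TABLE "PROJECT" ("ID" INTEGER PRIMARY KEY, "NAME" TEXT, "ACTIVE" INTEGER);'
        'CREATE TABLE "FINDING" ("PROJECT_ID" INTEGER, "VULN_ID" TEXT, "CVSSV3" REAL, '
        '"EPSS_SCORE" REAL, "EPSS_PERCENTILE" REAL);'
    )
    con.executemany('INSERT INTO "PROJECT" VALUES (?, ?, ?)', PROJECTS)
    con.executemany('INSERT INTO "FINDING" VALUES (?, ?, ?, ?, ?)', FINDINGS)
    return con


def get_findings(show_inactive: bool, **kwargs) -> List[Tuple[str, str]]:
    """Run the query against the sample data; returns (project name, vuln id) rows."""
    con = open_db()
    try:
        sql, params = build_findings_query(show_inactive, **kwargs)
        return con.execute(sql, params).fetchall()
    finally:
        con.close()


if __name__ == "__main__":
    print("active + unset projects:", get_findings(False))
    print("all projects:           ", get_findings(True))
    print("pre-fix, inactive hidden:", get_findings(False, flag_inverted=True))
    print("EPSS score >= 0.5:      ", get_findings(False, epss_score=(0.5, 1.0)))
```

With `show_inactive=False` the `legacy-portal` findings drop out while `imported-sbom` (ACTIVE is NULL) stays, which is what the `IS NULL` arm in the snippet buys; under `flag_inverted=True` the two outcomes swap, which is the behaviour the issue asked to have inverted. A slider range becomes one `BETWEEN` clause with two bound parameters, so the frontend's "number" type maps directly onto the query without any string handling on the backend.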

nscuro commented 1 week ago

I like the idea of sliders for score ranges, nice!

The showInactive bug was fixed, the fix shipped with v4.11.4 today.