In a component (e.g. an Application) that has dependencies (e.g. some SDKs) it is not straight-forward to treat risks transferred by the dependencies to the integrator.
Indeed the transferred risks may have Business Assets, Supporting Assets and vulnerabilities coupling, not present originally into the the final component. This forces to import or recreate all of them into the final component
Duplicate Steps
No response
Expected Results
We should have a way to define a risk, transferred from a dependencies, with only its Description, Score and a comment for its origin.
This will avoid to import a lot of individual elements.
Issue Description
In a component (e.g. an Application) that has dependencies (e.g. some SDKs) it is not straight-forward to treat risks transferred by the dependencies to the integrator.
Indeed the transferred risks may have Business Assets, Supporting Assets and vulnerabilities coupling, not present originally into the the final component. This forces to import or recreate all of them into the final component
Duplicate Steps
No response
Expected Results
We should have a way to define a risk, transferred from a dependencies, with only its Description, Score and a comment for its origin. This will avoid to import a lot of individual elements.
Version Detected
1.2.0
Attachments
No response