aboutcode-org / dejacode

Automate open source license compliance and ensure software supply chain integrity
https://dejacode.readthedocs.io
GNU Affero General Public License v3.0

CRAVEX: Vulnerability exploitability: re-rank for product context and policies #102

Open pombredanne opened 4 months ago

pombredanne commented 4 months ago

Re-rank the exploitability scores given the org and local app/product context and policies.

DennisClark commented 4 months ago

Not sure I understand what is being re-ranked: specific vulnerabilities? Specific packages? The vulnerable packages in a product inventory? (Probably the last one, I guess.)