Open dherder opened 5 months ago
@dherder when you get the chance can you please describe the exact workflow that inspired this feature request. Something about false positives?
It could be a bug.
It could also be documented clearly. There's a specific rule for each type of software.
@noahtalerman I raised https://github.com/fleetdm/fleet/issues/19920 to investigate the actual false positive, but by doing that, further proved that we need to show the data source within the UI and API.
Problem
As a vulnerability analyst, it is difficult to determine which data source is linked to vulnerabilities (CVEs) raised in Fleet. This is an important datapoint when determining whether or not a CVE might be a false positive. For example, if I investigate CVE-2332-73839 (fake), I'd first check NVD's linked listing of the CVE. By doing this, I'm still not sure if the CVE source is NVD or VulnCheck. I would have to hit the public VulnCheck API and correlate that with what I see in NVD.
This is a tedious process and makes it appear that Fleet is not transparent in the data backing the vulnerability detections.
The request is to add a column in the vulnerability views called "data source" that would be populated with either NVD or VulnCheck or any future potential data source, OVAL, etc.