infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Vulnerability Templates with Company Security Policy #313

Closed Thilaknath closed 3 years ago

Thilaknath commented 5 years ago

Issue Type

Hello Team,

Based on the documentation here, I see that we can add custom templates using CSV. But at the end I also notice that the Name, Description and Resolution fields are replaced with the information stored in the templates database.

Is it possible to link a vulnerability with an existing template rather than overwriting the finding?

Example Scenario

1) As a company, I have certain security standards defined within my org.
2) As a Product Owner of one of the solutions, I use faraday and execute scans using nikto or w3af against one of my solutions, and they report vulnerabilities that are imported into faraday.
3) As a product owner of the solution, I use faraday now and I want to correlate the findings to my company security guidelines so the developers are aware of the violations.

This can also be used for our reporting purposes, citing what was violated and what was fixed.

montive commented 5 years ago

Hi.

I'll give you the answer as soon as we talk with the development team.

Thanks, cheers.