Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-6343

Add actions to defer and and false/positive flag to CVE detail page

XMLWordPrintable

    • False
    • None
    • False
    • Not Selected

      Business Problem:

      The CVE Detail page (see https://<acs-url>/main/vulnerabilities/workload-cves/cves/<CVE>) is missing the action button to defer and/or marke a particular vulnerability as false/positive. While the actions are available under https://<acs-url>/main/vulnerabilities/workload-cves they are missing in the Detail page. For bulk activity it's good enough to have it at the overview page. But if additional inspection is needed, it would be handy to have the same action buttson available oon the CVE detail page to flag the vulnerability as defer or false/positive after doing the initial assessment. Without the action button, it's required to go back again, check for the CVE and then do the action which is a terrible user experience.

      Use Cases:

      When evaluating workload vulnerabilities, it is often required to look at the details of a given CVE before it can be decided what to-do next. Missing the action button to defer ot mark the vulnerability as false/positive caused bad user experience as the user needs to go back to the overview, look again for the vulnerability before the desired action can be taken. So to improve user experience, the same action button should be available on the CVE detail page to make the vulnerability accordingly.

      Key Functionality:

      Ability to defer or mark a vulnerability as false/positive when looking at the details of a specific CVE. Meaning having the same actions available on https://<acs-url>/main/vulnerabilities/workload-cves/cves/<CVE> that are available on https://<acs-url>/main/vulnerabilities/workload-cves

      Benefits:

      Very much improved user experience and therefore improved workflow when assessing and evaluating vulnerabilities reported.

      Acceptance criteria:

      Action to defer or mark a vulnerability as false/postive available on https://<acs-url>/main/vulnerabilities/workload-cves/cves/<CVE> and when triggering the same to have the action properly executed.

            sbadve@redhat.com Shubha Badve
            rhn-support-sreber Simon Reber
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: