Migrate EPSS mirroring to mirror-service #926

Closed
Tracked by #860
nscuro opened this issue Nov 23, 2023 · 0 comments · Fixed by #1135 or DependencyTrack/hyades-apiserver#636
Labels
component/api-server domain/vuln-mirroring enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/M Medium effort

Comments

@nscuro
Member

nscuro commented Nov 23, 2023

EPSS mirroring is still performed by the API server. It should be performed by the mirror-service instead.

Note that EPSS references CVEs. If the corresponding CVE vulnerabilities have not been mirrored into the database yet, the EPSS records will be discarded. This race condition existed in vanilla DT already, but it will be even more noticeable in Hyades.

Perhaps EPSS data should get its own table where we can simply dump all of it, instead of adding it to the VULNERABILITY table like it's done currently. We'll have a similar situation with CISA KEV integration.

open-vulnerability-clients has support for EPSS: https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/open-vulnerability-clients#exploit-prediction-scoring-system-epss-links

@nscuro nscuro added enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/M Medium effort domain/vuln-mirroring component/api-server labels Nov 23, 2023
@nscuro nscuro mentioned this issue Nov 23, 2023
34 tasks
@sahibamittal sahibamittal self-assigned this Feb 23, 2024
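
The race described in the issue above, as an added example that is not part of the issue or of the Dependency-Track/Hyades code base: EPSS data arrives before the CVEs are mirrored, first with scores written into `VULNERABILITY`, then with a dedicated table joined at read time. It uses Python with in-memory SQLite; the `EPSS` table, all column names and the CVE IDs are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data: EPSS feed rows (cve, score, percentile) and the CVE
# IDs that the vulnerability mirror delivers later. All values are made up.
EPSS_FEED = [("CVE-0000-0001", 0.91, 0.99), ("CVE-0000-0002", 0.02, 0.40)]
MIRRORED_CVES = ["CVE-0000-0001", "CVE-0000-0002"]

def new_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical, simplified schema; only the VULNERABILITY name is from the issue.
    db.executescript("""
        CREATE TABLE VULNERABILITY (VULN_ID TEXT PRIMARY KEY, EPSS_SCORE REAL);
        CREATE TABLE EPSS (CVE TEXT PRIMARY KEY, SCORE REAL, PERCENTILE REAL);
    """)
    return db

def mirror_cves(db):
    db.executemany("INSERT OR IGNORE INTO VULNERABILITY (VULN_ID) VALUES (?)",
                   [(cve,) for cve in MIRRORED_CVES])

def epss_into_vulnerability(db):
    """Update-in-place approach: returns how many EPSS records were discarded."""
    discarded = 0
    for cve, score, _percentile in EPSS_FEED:
        cur = db.execute(
            "UPDATE VULNERABILITY SET EPSS_SCORE = ? WHERE VULN_ID = ?", (score, cve))
        if cur.rowcount == 0:  # no matching CVE row yet, so the record is lost
            discarded += 1
    return discarded

def epss_into_own_table(db):
    """Separate-table approach: store every record, whether or not the CVE exists."""
    db.executemany("INSERT OR REPLACE INTO EPSS VALUES (?, ?, ?)", EPSS_FEED)
    return 0

def scored_vulns(db, separate_table):
    """Count vulnerabilities that end up with an EPSS score."""
    if separate_table:
        query = "SELECT COUNT(*) FROM VULNERABILITY v JOIN EPSS e ON e.CVE = v.VULN_ID"
    else:
        query = "SELECT COUNT(*) FROM VULNERABILITY WHERE EPSS_SCORE IS NOT NULL"
    return db.execute(query).fetchone()[0]

def run(separate_table):
    """EPSS mirroring runs first, CVE mirroring second (the ordering behind the race)."""
    db = new_db()
    load = epss_into_own_table if separate_table else epss_into_vulnerability
    discarded = load(db)
    mirror_cves(db)
    return discarded, scored_vulns(db, separate_table)
```

`run(False)` returns the discarded-record count and scored-vulnerability count for the update-in-place layout, `run(True)` for the separate table.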