Responding to Dependency Alerts
If the CVE scanning process identifies a vulnerability in a dependency, take the following steps to mitigate it:

- Create a ticket for the vulnerability on the GitHub Projects board and add it to the current sprint.
- Check the available documentation (release notes, advisory text) to see whether a patched version of the software exists.
- If a patched version exists, upgrade to it and rerun the daily check to confirm the alert is cleared.
- If no patched version exists, investigate the vulnerability further and communicate with the team for escalation.