Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

J

Topics created by joacim.svensson_8194

J

Is it possible to have feed-specific assessments of vulnerabilities?
Support • • joacim.svensson_8194

6

0
Votes

6
Posts

18
Views

Hi @joacim-svensson_8194 , That should have worked, but it's of course possible there's a bug. Can you confirm steps? Is this basically what you did? Create Two feeds (Feed1 and Feed2), download a vulnerable package in each feed Create Two Vuln Sources (OssIndex1, OssIndex2), associate each to each feed Run the "Vuln Downloader" Job, and see two identical vulnerabilities added to ProGet Assess the vulnerabilities differently (1 = Block, 2= Ignore) Package should Blocked on Feed1, and allowed on Feed2 I want to make sure we're following the steps you did, so we can test this. Cheers, Steve
J

Edit vulnerability?
Support • • joacim.svensson_8194

2

0
Votes

2
Posts

9
Views

Hi @joacim-svensson_8194 , It doesn't look like there's an edit page.... We'd love to learn how you're using manual vulnerabilities -- they don't have a huge use case, in my understanding. Just kind of like a quick/emergency way to block a package. Can you let us know what workflow is causing you to use manual and then edit manual vulnerabilities vs adding comments to them? Thanks, Alana