Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Hub Views in Runtime (SBOM & CVE Data) #281

Open
adam-defenseunicorns opened this issue Sep 4, 2024 · 4 comments
Open

Security Hub Views in Runtime (SBOM & CVE Data) #281

adam-defenseunicorns opened this issue Sep 4, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@adam-defenseunicorns
Copy link

adam-defenseunicorns commented Sep 4, 2024
edited by DannyDTenacious
Loading

Is your feature request related to a problem? Please describe

As a security professional, I would like to view the current state of SBOMs in my cluster and be able to view SBOMs by image. I would like to be able to sort the table data by each column listed. I would like the ability to export table data in .csv format.

Describe the solution you'd like

As a security professional, I would like to view the following information:

For the Cluster:
Top Level:

  • Total number of Critical Issues
  • Total number of High Issues
  • Average time it takes to 'resolve' an issue

Table:

  • Build Date
  • Package Name
  • Package Version
  • Author
  • CVE Count (total for this package)
  • Critical CVEs (default view is ordered by this data alphabetically)
  • High CVEs
  • Images w/Package (total number of images with this package)

For "By Image" Tab

  • Image ID [Image Sha]
  • Component
  • App Name
  • App Version
  • Author
  • Vulnerability ID
  • Severity (CVE Level) (default view is ordered by this data alphabetically) [Critical, High, Medium, Low, Negligible]
  • Reporter
  • Vex Status [Affected, Under Investigation, Not Affected]

Describe alternatives you've considered

  • Justification Status [Completed, Needed, Pending, Not Needed]

Describe alternatives you've considered

(optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context

Screenshot 2024-09-04 at 12 12 18 PM Screenshot 2024-09-04 at 12 11 27 PM
@adam-defenseunicorns adam-defenseunicorns added the enhancement New feature or request label Sep 4, 2024
@DannyDTenacious DannyDTenacious mentioned this issue Sep 4, 2024
Closed
@adam-defenseunicorns
Copy link
Author

Connected to #367

@BillyFigueroa BillyFigueroa mentioned this issue Sep 24, 2024
Merged
@DannyDTenacious
Copy link

This clarification was provided in Slack; pasting in ticket as well. More detail for items:
(Cluster Overview)
Author: Author or provider of the package
(By Image)
Image ID (the unique Image sha identifier... can be truncated with "...")
Component (an old carry over from previous design, can be removed)
App Name (name of software component)
Author (Identity of the creator or provider of the component)
Reporter (if available, the reporter of the CVE identified)
Vex Status (Vulnerability Exploitability eXchange - a security advisory status that gives insight into priority of the CVE)
Justified (this is not needed during this current phase of development; eventually, this will contain the justification provided by the Mission Hero for how they have mitigated this particular CVE for ATO requirements)

@DannyDTenacious DannyDTenacious mentioned this issue Sep 30, 2024
Closed
@UncleGedd
Copy link
Contributor

SecurityHub is currently being redesigned, will re-attack when they have more to work with

@DannyDTenacious
Copy link

UX Ticket for Sec Hub Views in runtime: #483

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@UncleGedd @DannyDTenacious @adam-defenseunicorns