Does DefectDojo itself have a pURL and/or CPE format that should be used? #10127
Unanswered
brett-thomson-livanova-security
asked this question in
Q&A
Replies: 1 comment
-
https://documentation.defectdojo.com/integrations/parsers/file/cyclonedx/ It has all external dependencies but does not necessarily cover the package's internally attributed vulnerabilities.
-
We are tracking our components, containers, applications, and component analysis in Dependency Track and all of our scans, engagements, and tests in DefectDojo.
I was trying to determine the package (pURL) or CPE search strings for DefectDojo, but I could not find one listed anywhere. I had ChatGPT guess for me, but I did not find the issues listed in the security section even after lowering the package version below the ones that have known issues. I assume these security vulnerabilities on the security tab are limited to just DefectDojo and not the version of the database or OS that the Docker image has.