Comments (2)
A use case may help.
A compliance specialist is checking licensing problems flagged by the tool. They find an item using the AGPL. Company policy is to review usage context first. They create a Jira ticket with contextual information about the application, component, and license. They assign the ticket to an attorney, who evaluates the application. The attorney concludes that the component must be removed. The Jira ticket is assigned to an engineer, who follows links to the component source repository to find a replacement component and then code the change, then marks the work as done. The ticket is reassigned to the compliance specialist, who removes the AGPL issue as a blocker on acceptance of the application.
from dejacode.
@lucasgonze thanks very much for the use case, which will be quite helpful when we get into the design details.
Related Issues (20)
- CRAVEX: Vulnerability exploitability: integrate KEV and EPSS
- CRAVEX: Vulnerability exploitability: re-ranking
- CRAVEX: Vulnerability exploitability: Reachability integration
- CRAVEX: Vulnerability exploitability: Cross product queries
- CRAVEX: Propagate exploitability determination
- CRAVEX: Alerting/notification
- CRAVEX: Export VEX document: CSAF
- CRAVEX: Export VEX document: CycloneDX VEX
- CRAVEX: Create usage documentation
- CRAVEX: Create tutorials documentation
- CRAVEX: Apply UI usability review results for accessibility
- Add filters/search for the Product Inventory
- BUG: Invalid package comparison in Product
- Add full purl to most screens
- BUG: SBOM import does not trigger scan of packages
- Enhancement request: Retain transitive relationship between packages when importing SBOM
- CRAVEX: Web UI: review and prioritize Vulnerabilities
- CRAVEX: Web UI: Extend to work per app/product
- CRAVEX: Vulnerabilities policy
- CRAVEX: Vulnerability exploitability: Determine and store a vulnerability exploitability