Vulnerability Scans: DAST API scan, DAST web scan, Container scan.
FedRAMP requires us to triage issues that our scanners report in the FedRAMP-scoped images we use in production.
This section lists security dashboards that need to be reviewed:
Vulnerability reports from the container scanner are to be triaged from this page.
Currently we do not have the ability to filter based on images.
Container scanner findings will typically be straightforward to triage, since severity ratings and SLA requirements are dictated by the CVSS score provided by the National Vulnerability Database. Please see the Vulnerability management changes required for FedRAMP page in the internal handbook for more information.
Findings are to be triaged from this vulnerability report page.
Note: this guide is intended for any teams triaging FedRAMP vulnerabilities.
SLAs can be consulted on the vulnerability management remediation SLAs page.