Skip to content

Add EPSS mirroring when NVD mirroring is not active #4834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 tasks done
PetervantHoff opened this issue Apr 10, 2025 · 0 comments
Open
2 tasks done

Add EPSS mirroring when NVD mirroring is not active #4834

PetervantHoff opened this issue Apr 10, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@PetervantHoff
Copy link

Current Behavior

We use trivy as a scanner for vulnerabilities for our container images. Because NVD overwrites these vulnerabilities when NVD mirroring is enabled and it also leads to more vulnerabilities (we use RedHat based containers and NVD does not take Red Hat specific versions into account).
However EpssMirrorEvent is only triggered after the NVD mirroring. Therefor we have no EPSS scores when NVD mirroring is not active.

Proposed Behavior

Trigger EPSS mirroring after the trivy analysis or on a daily schedule if NVD mirroring is not active.

Checklist
@PetervantHoff PetervantHoff added the enhancement New feature or request label Apr 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PetervantHoff