Update Vulnerability Remediation (authored by desman bolden)
**Vulnerability Management Process Flow**
![FlowCapture](uploads/393e9662c3993da431681fbd90ed0799/FlowCapture.JPG)
1. **Developers:** Develop software and trigger the execution of vulnerability scanning via the CI/CD pipeline.
2. **Scanning Tools:** Detect, classify and provide vulnerability remediation steps.
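Review bot: step 1 says scanning is triggered via the CI/CD pipeline but neither step 1 nor step 2 states whether findings block the pipeline or are only reported, so a developer reading this hunk cannot tell if the remediation steps from step 2 are advisory or gating; add one sentence here such as "the pipeline job fails on findings above the agreed severity threshold" or, if the collapsed steps already cover this, a short forward reference to them.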
......@@ -20,24 +21,22 @@
| Policy | Mohammad Malekmakan | EA/DEL/DIGITAL Petronas |
| Data Definitions | Thomas Gehrmann | SLB |
| Infra-azure-provisioning | Madhur Tanwani | MSFT |
6. **Exception/Acceptance Process:** If a vulnerability can be resolved, but not within the required time frame the exception process must be followed along with vulnerability remediation. If a vulnerability cannot be resolved the acceptance process must be followed and no further remediation will be required.
Note: The following steps are only required if a vulnerability can be remediated.
6. **Exception/Acceptance Process:** If a vulnerability can be resolved, but not within the required time frame the exception process must be followed along with vulnerability remediation. If a vulnerability cannot be resolved the acceptance process must be followed and no further remediation will be required. Note: The following steps are only required if a vulnerability can be remediated.
7. **Remediate Vulnerability:** Developers will remediate vulnerabilities by performing the following steps:
       7.1. Update software and/or dependencies based on recommendations
7\.1. Update software and/or dependencies based on recommendations
       7.2. Rescan impacted software and dependencies to ensure vulnerabilities are no longer detected
7\.2. Rescan impacted software and dependencies to ensure vulnerabilities are no longer detected
       7.3. Update Issue status to Resolved. The following steps are to be used to close out vulnerabilities in the compliance report after they have been remediated:
7\.3. Update Issue status to Resolved. The following steps are to be used to close out vulnerabilities in the compliance report after they have been remediated:
- Access the OSDU Vulnerability Report [Vulnerability Report · Platform · GitLab (opengroup.org)](https://community.opengroup.org/groups/osdu/platform/-/security/vulnerabilities).
- Locate the vulnerability assigned to you or your team. This can be done by using the dropdown filters and/or scrolling though listed vulnerabilities.
* Access the OSDU Vulnerability Report [Vulnerability Report · Platform · GitLab (opengroup.org)](https://community.opengroup.org/groups/osdu/platform/-/security/vulnerabilities).
* Locate the vulnerability assigned to you or your team. This can be done by using the dropdown filters and/or scrolling though listed vulnerabilities.
![VulnerabilityListCapture](uploads/010126d7101a79157157f28ed2718837/VulnerabilityListCapture.JPG)
- Click on vulnerability.
- Select the Status dropdown list which can be found in the upper right corner of the screen.
- Select the appropriate status (Dismiss, Confirm or Resolve)
- Click Change status button
* Click on vulnerability.
* Select the Status dropdown list which can be found in the upper right corner of the screen.
* Select the appropriate status (Dismiss, Confirm or Resolve)
* Click Change status button
![VulnerabilityScreenCapture](uploads/82e8008fc3e9a8515cbfa6ac5801acd2/VulnerabilityScreenCapture.JPG)
\ No newline at end of file
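Review bot: the status bullet in step 7.3 ("Select the appropriate status (Dismiss, Confirm or Resolve)") offers three states while the step itself only covers Resolved, so the procedure never says when Dismiss is the right choice even though step 6 routes non-remediable findings through the acceptance process; spell out the mapping, for example "Resolve only after the rescan in 7.2 no longer reports the finding; Dismiss only for findings closed through the exception/acceptance process in step 6; Confirm when a finding is verified but still open", so a finding cannot be dismissed in the compliance report without the step 6 approval. Two smaller points in the same hunk: the substeps now start at column 0 as `7\.1.` instead of being indented under item 7, which detaches them from the numbered list (indenting them three spaces under item 7, or using a nested `1.`/`2.`/`3.` list, keeps them inside step 7 and avoids the backslash escape), and the `-` to `*` bullet change carries no content change, so one marker should be used throughout; "scrolling though" should also read "scrolling through".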