Issue
-
A IT Security Team has found a list of vulnerabilities for one of the CloudBees Supported Products.
Required Data for analyzing Security Vulnerability Scans
This article describes the minimum required information to provide CloudBees' feedback about a Security Report about one of the CloudBees products.
If the required data is bigger than 50 MB you will not be able to use ZenDesk to upload all the information. On this case we would like to encourage you to use our upload service in order to attach all the required information.
Required Data check list
-
Security Report of a supported format (see the below
Security Reportsection) -
Date of the Report
-
Name/Version of the scanned CloudBees product (the version should always be the latest released version) [1].
-
A support bundle for each of the analyzed products
-
Name/Version of the tool used for the Scan
-
The scan information must contain the file path to the vulnerability
Security Report
In order to be able to move forward efficiently, the CloudBees Security Team requires to have a way to import the data from the report in their vulnerability management tool (DefectDojo). This means the provided information must be in a supported format, for examples of those formats based on your scanning tool, see https://defectdojo.github.io/django-DefectDojo/integrations/parsers/file/.
In situations where it is not possible due to some limitations (human, permission, technical, etc.) to provide the expected format, the manual processing of the report will take a lot longer because a parser would be needed in order to ingest the data and consolidate our database.
| Cloud Platform | Traditional Platform | |
|---|---|---|
Operations Center |
cloudbees-cloud-core-oc |
cloudbees-core-oc |
controller |
cloudbees-core-mm |
cloudbees-core-cm |