Issue
-
A IT Security Team has found a list of vulnerabilities for one of the CloudBees Supported Products.
Required Data for analyzing Security Vulnerability Scans
This article describes the minimum required information to provide CloudBees' feedback about a Security Report about one of the CloudBees products.
If the required data is bigger than 50 MB you will not be able to use ZenDesk to upload all the information. On this case we would like to encourage you to use our upload service in order to attach all the required information.
Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
Required Data check list
-
Security Report of a supported format(see below Security Report)
-
Date of the Report
-
Name/Version of the scanned CloudBees product[1].
-
A support bundle for each of the analyzed products
-
Name/Version of the tool used for the Scan
-
The scan information must contain the file path to the vulnerability
Security Report
In order to be able to move forward efficiently, the CloudBees Security Team requires to have a way to import the data from the report in their vulnerability management tool. This means the provided information must be in a supported format.
In situations where it is not possible due to some limitations (human, permission, technical, etc.) to provide the expected format, the manual processing of the report will take a lot longer because a parser would be needed in order to ingest the data and consolidate our database.
| Cloud Platform | Traditional Platform | |
|---|---|---|
Operations Center |
cloudbees-cloud-core-oc |
cloudbees-core-oc |
controller |
cloudbees-core-mm |
cloudbees-core-cm |