List view
Enable auto-closing of vulnerabilities when they have been remediated and no running instances of the affected component are detected, while ensuring that the TRD (target Remediation Date) of a finding remains unchanged when a new affected component is found.
Due by June 30, 2025Implementing a mechanism for changing the severity level of a vulnerability - allows SGEs to adjust severity levels based on new information or reassessments The proposed approach is to enable SGEs to change service CIA attribute which then automatically adjusts the severity level. Objectives - Develop a user interface and backend functionality to allow SGEs to change severity level
Due by September 30, 2026•0/1 issues closedImplement a multi-tenancy model using Relationship-Based Access Control (ReBAC) to provide isolation and access control based on defined relationships between entities. *Objectives:* - Develop a system that supports ReBAC, allowing access permissions to be determined by the relationships between users and resources. - Ensure that tenants are isolated from each other, with access to resources strictly controlled by the defined relationships. - Provide a user interface and backend support for managing relationships and access controls efficiently.
Due by June 30, 2026•0/1 issues closedImplementing a remediation path for handling manually mitigated - a mechanism for marking, and managing manually mitigated vulnerabilities. *Objectives:* - Develop a user interface and backend functionality to allow SGEs to mark vulnerabilities as manually mitigated. - Ensure that vulnerabilities marked as manually mitigated are excluded from issue views and issue counts
Due by March 31, 2026•0/1 issues closedImplementing a remediation path for handling false positives, including a mechanism for marking, and managing vulnerabilities that have been accepted as risks. *Objectives:* - Develop a user interface and backend functionality to allow SGEs to mark vulnerabilities as risk accepted . - Ensure that vulnerabilities marked as risk accepted are excluded from issue views and issue counts
Due by February 28, 2026•0/1 issues closedImplementing a remediation path for handling false positives, including a mechanism for marking and managing false positives. *Objectives:* - Develop a user interface and backend functionality that allows SGEs to mark vulnerabilities as false positives. - Ensure that vulnerabilities marked as false positives are excluded from issue views and issue counts, providing a clearer and more accurate representation of actual vulnerabilities.
Due by December 31, 2025•0/1 issues closed*Objective* Enhance the Service and Service Detail views to be cleaner and more user-friendly by shifting the focus from image version-centric to issue-centric navigation. Current Navigation Flow: Service → Service Detail → Image Version(s) → Issues Proposed Navigation Flow: Service → Service Detail → Image(s) → Issues This (new) approach provides a centralized medium to funnel all components affected by a specific issue.
Due by September 30, 2025Implementation of vulnerability insights views for the Manager persona. As a Manager, I want to be able to: - See an overview of findings in the cloud operating system - drill down on specific issues and fetch associating information such as the component/services impacted and support group affiliations. So that I can: - Maintain a comprehensive overview of the cloud operating system's security posture and confirm implementation and adherence to security protocols.
Due by July 31, 2025•2/4 issues closed