| | |
|---|---|
| Feature ID | FEA010 |
| Subsystem the feature is part of | Security fixes |
| Responsible person | Julius Pölkki |
| Status | done, for now |

Description
Integrate with a vulnerability scanning tool to automatically detect and report known vulnerabilities.
All relevant issues related to or contributing to the definition of the feature are gathered here.
Preliminary user stories
- #72 As a developer, I want to be notified of critical security vulnerabilities in our dependencies, so that I can quickly update them and minimize our risk
- #70 As a project manager, I want to see regular reports from the vulnerability scanning tool, providing visibility into our software security practices and ensuring that we're maintaining good cybersecurity hygiene.
- #80 As a security officer, I want this automated scanner to correctly report vulnerabilities in line with their severity and offer mitigation strategies where possible, to help me prioritize and address these issues appropriately.
Testing / possible acceptance criteria
| Testcase | Test source | Responsible |
|---|---|---|
| Testcase 1 #206 | Requirement ID/Use Case | Vulnerability scanner |
| Testcase 2 #199 | Requirement ID/Use Case | Vulnerability reports |
| Testcase 3 #199 | Requirement ID/Use Case | Vulnerability solutions |