Responding to Dependency Alerts
If the CVE scanning process identifies a vulnerability, take the following steps to mitigate it:
1. Create a ticket for the vulnerability on the GitHub Projects board and add it to the current sprint.
2. Check the available documentation to see whether a patched version of the software exists.
3. If a patched version of the software exists, patch the vulnerability and rerun the daily check.
4. If a patched version of the software doesn’t exist, investigate the vulnerability further and communicate with the team for further escalation.
This page was last reviewed on 10 April 2025.
It needs to be reviewed again on 10 July 2025 by the page owner #operations-engineering-alerts.