Responding to Dependency Alerts
If the CVE scanning process identifies a vulnerability, take the following steps to mitigate it:
1. Create a ticket relating to the vulnerability on the GitHub Projects board and add it to the current sprint.
2. Check to see if a patched version of the software exists using available documentation.
3. If a patched version of the software exists, patch the vulnerability and rerun the daily check.
4. If a patched version of the software doesn’t exist, conduct further investigation into the vulnerability and communicate with the team for further escalation.
This page was last reviewed on 1 October 2024. It needs to be reviewed again on 1 January 2025 by the page owner #operations-engineering-alerts.