Responding to Dependency Alerts

If the CVE scanning process identifies a vulnerability, take the following steps to mitigate it:

  • Create a ticket relating to the vulnerability on the GitHub Projects board and add it to the current sprint.

  • Check to see if a patched version of the software exists using available documentation.

  • If a patched version of the software exists, patch the vulnerability and rerun the daily check.

  • If a patched version of the software doesn’t exist, conduct further investigation into the vulnerability and communicate with the team for further escalation.

This page was last reviewed on 26 June 2024. It needs to be reviewed again on 26 September 2024 by the page owner #operations-engineering-alerts.