Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce the “Assistant” domain + provide a simple support for vulnerability descriptions #3708

Open
6 tasks
Tracked by #3707
de-jcup opened this issue Dec 6, 2024 · 0 comments
Open
6 tasks
Tracked by #3707

Introduce the “Assistant” domain + provide a simple support for vulnerability descriptions #3708

de-jcup opened this issue Dec 6, 2024 · 0 comments

Comments

@de-jcup
Copy link
Member

de-jcup commented Dec 6, 2024

Situation

We have situations when users are a little bit lost when they got only the CWE-Id and the generic mitre website description for a finding.

Wanted

As a user I want to be able to call an assistant at SecHub side which describes me a finding in a report in a human readable form.

Solution

Steps to do

  • We introduce a new domain "assistant" inside SecHub server
    (Reason for new domain: Could be in future an own deployment unit)
  • Create a concept documentation
  • Create CRUD usecases for administrators (GET for project users)
  • Provide database storage of description based for CWE and programming languages
  • GET call resolves internal information for report finding and provides a description. If description is not available, a fallback message will be returned
  • Integration test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@de-jcup