Expand vulnerability_finding and vulnerability to cover ASPM/AppSec-related findings #1356

Open
jonrau-at-queryai opened this issue Mar 2, 2025 · 0 comments · May be fixed by #1357
Labels: enhancement (New feature or request), findings (Issues related to Findings Category), v1.5.0 (Items to be considered for OCSF v1.5.0)

@jonrau-at-queryai
Contributor

Application Security Posture Management (ASPM) tools such as OX Security report much deeper details related to vulnerability findings, such as the OX Issue. The current Vulnerability Finding event class and Vulnerabilities object are simplistic in the sense they normalize against TVM tools.

As far as ASPM vulnerability details are concerned, the following attributes are typically available:

  • Compliance-related mappings
  • SBOMs
  • Exploit details such as the link, categorization, and requirement descriptions
  • Dependency chains or dependency graphs
  • Policies

jonrau-at-queryai added the enhancement, findings, and v1.5.0 labels on Mar 2, 2025
jonrau-at-queryai self-assigned this on Mar 2, 2025
jonrau-at-queryai linked a pull request on Mar 2, 2025 that will close this issue