Other Technology Vulnerabilities

Along with SCAP scans and Audit Compliance scans, which can generate checklist data, and host patch scans, which can generate operating system vulnerabilities, there are other vulnerabilities you may need to track. These include vulnerabilities from dynamic and static software scans (SonarQube, Fortify, Burp, etc.), container scans (Anchore, Prisma, Trivy, etc.), log scans, infrastructure-as-code scans, and other types of technology scans and data.

Use the Technology Vulnerabilities area of OpenRMF® Professional to track that data for your system package as well. This applies to traditional software development efforts, automated software factories, DevSecOps pipelines and similar efforts where containers and software development are in use. It also applies to normal operational networks that employ containers, or that manage logs and look for vulnerabilities in all the data they collect.

Technology Vulnerability Management Process

These other technology scans may run multiple times a day, once a day, once a week or on some other schedule. Based on how often your data is updated, you can import the data, or export, transform and then import it, into OpenRMF® Professional through our Import area, our Upload area, or our external API, which allows uploading scan results files or POSTing JSON data to update technology vulnerability data.

Importing Scan Results

For SonarQube and Fortify, you can directly import the data and add it to your system package for tracking, POAM, and reporting capabilities. The Importing Technology Vulnerability Scans Help area has more information on this feature.

Uploading Scan Results

For those who do not have a direct connection to one of the scanning tools we have integrated, you can export the results and then put them into a format that OpenRMF® Professional can ingest. The Loading Technology Vulnerability Scans Help area has more information on uploading technology vulnerability data.

Additionally, you can view the Developers Guide to see how to POST raw JSON data to OpenRMF® Professional to get the technology vulnerability data into the application.


Copyright © 2021 - 2025 Soteria Software LLC.