Technology Vulnerability Scan Help Information
Technology Vulnerability Scans cover software scans, container scans, log scans and other scans of information technology (IT) products that are not directly a SCAP scan or checklist or a host-based patch vulnerability scan like Nessus. The vulnerability information uploaded or imported is marked as critical, high, medium, low or informational, and describes each item's security implications and its current status toward being fixed or mitigated. The Technology Vulnerability Scan sections of OpenRMF® Professional are listed below for more information.
Explaining Technology Vulnerability Scans
Technology Vulnerability Scans and their results are used to track update and vulnerability issues within software, container, logging or other IT areas. To view more detailed information visit the Technology Vulnerability Scan Explained Help.
Importing Technology Vulnerability Scans
For Fortify and SonarQube, you can have OpenRMF® Professional directly import vulnerability data through our integration screens. You set up the main URL, the project information and the login information to connect and import directly from those scanning tools. To view more detailed information visit the Importing Technology Vulnerability Scans Help.
Loading Technology Vulnerability Scans
To have OpenRMF® Professional use the scan data, you can load a Trivy .json image scan results file, a Burp .xml results file, or a generic .json file matching the general structure we ingest, into the specific system package. You specify the type of file (Software, Container, Log, Other) and allow it to process and score the data. To view more detailed information visit the Loading Technology Vulnerability Scans Help.
Viewing Technology Vulnerability Scans
You can view the technology vulnerability scans and the scan score information from links on the system package page. This lists all categories, sources and projects with their scores, as well as the individual vulnerabilities that are causing the issues to appear. To view more detailed information visit the Viewing Technology Vulnerability Scans Help.
Explaining Technology Vulnerability Score
Technology Vulnerability Scan data also generates a score, specifically a System Package Technology Vulnerability Score. This shows the number of problem items in the software, container, log or other scan vulnerability data in your system package, and their severity. To view more detailed information visit the Technology Vulnerability Score Explained Help.
Table of contents
- Tech Vulnerabilities Explained
- Import Vulnerabilities
- Upload Vulnerabilities
- View Tech Vulnerabilities
- Vulnerability Scores