Windows vulnerability scanning #1672
Comments
can be very useful!
Yup @tomerse-sg, all changes collected in our backlog tickets are changes that will be part of the open source codebase.
Not sure it is accurate.
Will discuss this with the rest of the team on Monday and provide the details. Thanks for addressing this, @tomerse-sg.
You can find some information on the challenge here
We have discussed this and decided not to continue with it, as it would require adding new services to the stack and extensive changes to our SBOM analyzer. If it's something you would like to use, feel free to create or contribute by writing a custom Windows Vulnerability Plugin scanner. The existing vulnerability scanning for Windows is good enough for us at the moment.
Overview
The SBOM analyzer for Windows works and can collect details about user and system applications and updates. We should be able to perform vulnerability scanning on a Windows-generated SBOM.
A Windows vulnerability scanner can be implemented as a custom scanner plugin. Make sure to also add support for passing SBOM data from the Windows SBOM analyzer to the plugin.