Product Name
CIS-CAT Pro Assessor v4
Product Version
v4.x.x+
Date
Problem
| Info |
|---|
Our third-party vulnerability scanner is generating an alert for CIS-CAT Pro Assessor. |
Solution
Each release of CIS-CAT Pro Assessor includes key information in in the changelog section of the online documentation Change Log - CIS-CAT Pro Assessor v4 (ccpa-docs.readthedocs.io):
https://ciscat-assessor.docs.cisecurity.org/en/latest/Change%20Log/
CIS-CAT now delivers with a Software Bill of Materials (SBOM) located in the documentation directory (
Assessor-CLI\Documentation\SBOM_CIS_CAT_Pro_Assessor)An updated README.txt document (
Assessor-CLI\README.txt) with the list of suppressed third party security vulnerabilities from dependent libraries.
The README.txt will list third-party dependent libraries which may appear on vulnerability reports. CIS-CAT implements a vulnerability scanning process during all build implementations. In some cases, it is necessary to suppress false positives or vulnerabilities caused by libraries pending updates by third parties.
| Tip |
|---|
CIS Engineering completes weekly scans to check if they can remove any suppressions and upgrade as the libraries get updated by the third parties. |
| Info |
|---|
If you still have questions or concerns please reach to Support (cisecurity.org/support) with the specific details of your alert as well as the version of CIS-CAT Pro AsssessorAssessor |
Keywords;
Content by Label
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|
| Page Properties | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||
|