Product Name
CIS-CAT Pro Assessor v4
Product Version
v4.x.x+
Date
Problem
Info |
---|
Our third-party vulnerability scanner is generating an alert for CIS-CAT Pro Assessor. |
Solution
Each release of CIS-CAT Pro Assessor includes key information in the changelog section of the online documentation, Change Log - CIS-CAT Pro Assessor v4 (ccpa-docs.readthedocs.io):
https://ciscat-assessor.docs.cisecurity.org/en/latest/Change%20Log/
CIS-CAT now delivers with a Software Bill of Materials (SBOM) located in the documentation directory (Assessor-CLI\Documentation\SBOM_CIS_CAT_Pro_Assessor).
It also delivers with an updated README.txt document (Assessor-CLI\README.txt) containing the list of suppressed third-party security vulnerabilities from dependent libraries.
The README.txt will list third-party dependent libraries which may appear on vulnerability reports. CIS-CAT implements a vulnerability scanning process during all build implementations. In some cases, it is necessary to suppress false positives or vulnerabilities caused by libraries pending updates by third parties.
Tip |
---|
CIS Engineering completes weekly scans to check if they can remove any suppressions and upgrade as the libraries get updated by the third parties. |
Info |
---|
If you still have questions or concerns, please reach out to Support (cisecurity.org/support) with the specific details of your alert as well as the version of CIS-CAT Pro Assessor. |