Vulnerability scanner is generating an alert for CIS-CAT Pro Assessor
Product Name: CIS-CAT Pro Assessor v4
Product Version: v4.x.x+
Date: Jun 28, 2023
Problem
Our third-party vulnerability scanner is generating an alert for CIS-CAT Pro Assessor.
Solution
Each release of CIS-CAT Pro Assessor includes key information in the changelog section of the online documentation:
7. Change Log - CIS-CAT Pro Assessor v4
CIS-CAT now delivers with a Software Bill of Materials (SBOM) located in the documentation directory (Assessor-CLI\Documentation\SBOM_CIS_CAT_Pro_Assessor).
An updated README.txt document (Assessor-CLI\README.txt) contains the list of suppressed third-party security vulnerabilities from dependent libraries.
The README.txt lists the third-party dependent libraries that may appear on vulnerability reports. CIS-CAT runs a vulnerability scanning process as part of every build. In some cases it is necessary to suppress false positives, or vulnerabilities in libraries that are still pending updates from the third party.
CIS Engineering completes weekly scans to check whether any suppressions can be removed and upgrades the libraries as the third parties release updated versions.
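To triage such an alert before contacting Support, reconcile each scanner finding against the shipped SBOM and the README suppression list. The following Python is an added example, not CIS code: it assumes the SBOM is CycloneDX JSON and that each README suppression line reads "library version CVE-ID" (the real file formats may differ), and all inputs, including the CVE identifiers, are constructed placeholders.

```python
import json

# Constructed sample inputs (not the real CIS-CAT files). The CVE IDs below
# are placeholders, not real vulnerability identifiers.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libfoo", "version": "1.2.3"},
        {"name": "libbar", "version": "4.5.6"},
    ],
})
README_SUPPRESSIONS = """\
Suppressed third-party vulnerabilities (constructed sample):
libfoo 1.2.3 CVE-0000-0001  pending upstream fix
"""
SCANNER_ALERTS = [
    {"library": "libfoo", "version": "1.2.3", "cve": "CVE-0000-0001"},
    {"library": "libbar", "version": "4.5.6", "cve": "CVE-0000-0002"},
    {"library": "libbaz", "version": "9.9.9", "cve": "CVE-0000-0003"},
]

def parse_suppressions(text):
    """Return a set of (library, version, cve) from 'lib ver CVE-...' lines."""
    entries = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[2].startswith("CVE-"):
            entries.add((parts[0], parts[1], parts[2]))
    return entries

def sbom_components(sbom_json):
    """Return the set of (name, version) pairs the SBOM says are shipped."""
    bom = json.loads(sbom_json)
    return {(c["name"], c["version"]) for c in bom.get("components", [])}

def triage(alerts, sbom_json, readme_text):
    """Classify each alert: documented suppression, not shipped, or escalate."""
    shipped = sbom_components(sbom_json)
    suppressed = parse_suppressions(readme_text)
    result = {}
    for a in alerts:
        key = (a["library"], a["version"], a["cve"])
        if key in suppressed:
            result[a["cve"]] = "documented suppression"
        elif (a["library"], a["version"]) not in shipped:
            result[a["cve"]] = "component not in SBOM - verify scanner match"
        else:
            result[a["cve"]] = "not suppressed - report to Support"
    return result
```

Alerts classified as "not suppressed" are the ones worth sending to Support together with the Assessor version.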
If you still have questions or concerns, please reach out to Support (cisecurity.org/support) with the specific details of your alert as well as the version of CIS-CAT Pro Assessor.