CIS-CAT now ships with a Software Bill of Materials (SBOM), located in the documentation directory (Assessor-CLI\Documentation\SBOM_CIS_CAT_Pro_Assessor).
CIS-CAT also includes an updated README.txt document (Assessor-CLI\README.txt) with the list of suppressed third-party security vulnerabilities from dependent libraries.
The README.txt lists third-party dependent libraries that may appear on vulnerability reports. CIS-CAT runs a vulnerability scanning process during every build. In some cases, it is necessary to suppress false positives or vulnerabilities caused by libraries that are pending updates from third parties.
CIS Engineering completes weekly scans to check whether any suppressions can be removed and the libraries upgraded as the third parties release updates.
If you still have questions or concerns, please reach out to Support (cisecurity.org/support) with the specific details of your alert as well as the version of CIS-CAT Pro Assessor.