Skip to content

Release 3.0.2
Compare
Choose a tag to compare
@EdgewareRoad EdgewareRoad released this 28 May 12:02
· 34 commits to main since this release
3.0.2
72209fa

Release 3.0.2:

If the scan date is today, TrivySummary now omits the date from the EPSS Query as this
can sometimes cause issues if an explicit date of today is used (assume due to time
zones, calling this in the morning from the UK before the daily stats are generated).

Default output file is now, for a single input file, the same name and folder but with
a .pdf suffix. For the scenario where two input files are used, the default output
file path is the same as the input file but with name output.pdf.

If not in offline mode and there are errors experienced in calling the EPSS API, the
operation will simply fail with an error message, rather than creating a report.

Release 3.0.1:

Bug fixes

Release 3.0:

Massive update...

Simple EPSS/CVSS thresholds now replaced with a configurable priority model. Each
CVE is now prioritised based on one of three models:

  1. SEVERITYONLY
    As in previous versions, priority is simple the stated vendor severity
  2. RECTANGULAR
    Each of CRITICAL, HIGH or MEDIUM priorities set by minimum CVSS and EPSS values.
    Shown as colour bands on the graph view.
  3. ELLIPTICAL
    Similar to RECTANGULAR but based on an ellipse bounded by the stated CVSS / EPSS
    thresholds, giving a much more elegant view of distance from the top right hand
    corner of the graph.

Now defaults to querying for EPSS scores based on the scan date.
Supports --useTodayForEPSSQuery attribute to override this and force loading EPSS
scores for the report date.

BREAKING CHANGE: --failSeverityThreshold parameter now renamed --failPriorityThreshold
to reflect the change from a severity-only world to the new priority models
error code.

BREAKING CHANGE: --minimumCVSSToPrioritise and --minimumEPSSToPrioritise now removed,
replaced by the --priorityModel parameter

Assets 3
Loading