docs: Add Pro vs OSS comparison for cross-product risk acceptances #13703
Conversation
* **Cross-Product Risk Acceptances**: In DefectDojo Pro, you can apply a single Risk Acceptance across multiple Products. For example, if CVE-2024-1234 appears in 10 different products, you can create one Risk Acceptance that governs all instances of that CVE across your entire portfolio.
* **Bulk CVE Management**: Search for all Findings with a specific CVE or vulnerability ID, then apply a Risk Acceptance to all instances simultaneously, regardless of which Product they belong to.

**DefectDojo Open Source** implements Risk Acceptances at the Product level:
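Review bot: the Open Source line states that Risk Acceptances are implemented at the Product level, but the reviewers in this thread confirm they are at the Engagement level in Open Source and that this will stay so for now; change the sentence to "implements Risk Acceptances at the Engagement level" and align the PR description, which repeats the Product-level claim, with it.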
In OS, the risk acceptances are at the Engagement level.
I'm the one that misspoke to @skywalke34 and told him it was Product level but, yeah, it's engagement level in Open Source.
I wanted to extend it to the Product level, but I have received no feedback about it: #12361 (comment)
So, do you agree to redo to the product level?
We are going to keep risk acceptance at the engagement level in open source for the time being
mtesauro
left a comment
Approved.
Assuming @skywalke34 addresses the requested changes from @valentijnscholten
@paulOsinski can you please assist @skywalke34 with this PR?
Description
Documentation update: clarifying the differences between DefectDojo Pro and Open Source for cross-product risk acceptances. Specifically, Pro supports CVE-level risk acceptance across products, while OSS only provides product-level risk acceptances.