10000 Add EPSS metrics to grype results · Issue #1973 · anchore/grype · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add EPSS metrics to grype results #1973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
TimBrown1611 opened this issue Jul 2, 2024 · 1 comment · Fixed by #2587
Closed

Add EPSS metrics to grype results #1973

TimBrown1611 opened this issue Jul 2, 2024 · 1 comment · Fixed by #2587
Assignees
@wagoodman
Labels
enhancement New feature or request

Comments

@TimBrown1611
Copy link

What would you like to be added:
for each CVE provide also the epss score based on this - https://www.first.org/epss/
Why is this needed:
calculate better the risk for each CVE
Additional context:
@TimBrown1611 TimBrown1611 added the enhancement New feature or request label Jul 2, 2024
@wagoodman wagoodman mentioned this issue Sep 17, 2024
Closed
7 tasks
@kzantow kzantow mentioned this issue Sep 18, 2024
Closed
@willmurphyscode willmurphyscode moved this to Backlog in OSS Oct 9, 2024
@wagoodman wagoodman moved this from Backlog to Ready in OSS Feb 19, 2025
This was referenced Feb 20, 2025
Merged
Merged
Merged
@wagoodman wagoodman moved this from Ready to In Progress in OSS Apr 9, 2025
@wagoodman wagoodman self-assigned this Apr 9, 2025
@wagoodman wagoodman changed the title epss score in grype results Add EPSS metrics to grype results Apr 9, 2025
@wagoodman
Copy link
Contributor

A couple months back the EPSS data was added to the JSON output:

grype -q pkg:npm/axios@1.8.1 -o json | jq '.matches[].vulnerability.epss'

[
  {
    "cve": "CVE-2025-27152",
    "epss": 0.00052,
    "percentile": 0.13246,
    "date": "2025-04-07"
  }
]

I'll also update the table output as described here with the EPSS percentile as well as a risk score that is derived from the EPSS score and severity info.

@wagoodman wagoodman mentioned this issue Apr 9, 2025
Merged
@github-project-automation github-project-automation bot moved this from In Progress to Done in OSS May 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add risk score to results and sort by risk by default anchore/grype
2 participants
@wagoodman @TimBrown1611
0