NexusIQ Known Vulnerability Process

Status: Draft

1.1 Purpose

Clarity is required on the following aspects:

• The process that the projects will follow regarding analyzing the known vulnerabilities

  • To address how a project can mark a known vulnerability as not impacting ONAP

  • What oversight is required

  • Address the case that the component used uses other components that have vulnerabilities.

• The polices in nexus IQ to make the vulnerability status more visible.

1.2 Known Vulnerability scanning

1.3 Nexus IQ policies