Read permissions for the CVE category.
.csv file.
To download a CVE report, open the channel’s Channel Details page, open the Manage dropdown, and select Download CVE Report. A notification displays to confirm that the report has been initiated. If you have applied filters to the channel’s CVE list, the report will contain filtered results.
For example, if you want a report containing a list of all the packages that pass your security threshold of “CVE score less than or equal to 8.0”, but still have an active or reported CVE, enter 8 as the CVE Score, adjust the filter to less than or equal to, select the Active and Reported statuses in the # Packages column, and then download the report.
7.0, you will receive notifications whenever a package score increases to 7.0 or higher, or if a package score is reduced to 6.9 or lower.
You will also receive notifications if a package score that already exceeds your threshold increases further. For example, you will receive a notification if a package score of 7.1 increases to 7.8.
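The notification rule described above can be modeled offline to estimate how many alerts a given threshold would generate from a score history. This is an added example, not Package Security Manager code. The function names, the package names, and the sample history are constructed, and it assumes that a score equal to the threshold counts as over it and that the first observed score for a package raises no notification.

```python
from decimal import Decimal

def classify_change(old, new, threshold):
    """Return why a score change would notify, or None if it would not."""
    # Decimal avoids float surprises when comparing one-decimal CVSS scores.
    old, new, threshold = (Decimal(str(v)) for v in (old, new, threshold))
    if new == old:
        return None
    was_over, is_over = old >= threshold, new >= threshold
    if not was_over and is_over:
        return "crossed_up"        # e.g. a score rising to 7.0 or higher
    if was_over and not is_over:
        return "crossed_down"      # e.g. a score reduced to 6.9 or lower
    if was_over and new > old:
        return "increased_above"   # e.g. 7.1 increasing to 7.8
    # Movement that stays below the threshold, or a decrease that stays
    # at or above it, is not one of the cases the text lists.
    return None

def replay(history, threshold):
    """Replay (package, score) observations in time order; list notifications."""
    last, notifications = {}, []
    for package, score in history:
        if package in last:
            reason = classify_change(last[package], score, threshold)
            if reason:
                notifications.append((package, last[package], score, reason))
        last[package] = score
    return notifications

# Constructed sample history (hypothetical package names and scores).
SAMPLE = [
    ("pkg-a", "6.5"), ("pkg-b", "7.1"), ("pkg-a", "7.0"), ("pkg-b", "7.8"),
    ("pkg-b", "7.4"), ("pkg-a", "6.9"), ("pkg-c", "3.0"), ("pkg-c", "5.5"),
]

if __name__ == "__main__":
    for package, old, new, reason in replay(SAMPLE, "7.0"):
        print(f"{package}: {old} -> {new} ({reason})")
```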
To view a channel’s CVE notifications:
From the channel details page, select the CVE Notifications tab. Expand a notification to view the full details of the CVE changes.
http(s)://<FQDN>/swagger/ui, replacing <FQDN> with your Package Security Manager fully qualified domain name.
The following is a list of available endpoints you can use to list and view CVEs in Package Security Manager:
.zip files through Amazon Web Services (AWS) Simple Storage Service (S3) buckets. You can download the files you need on an allowlisted workstation with access to the internet, then move the files to the air-gapped network. Your public IP address is initially allowlisted during installation of Package Security Manager. If you need to allowlist a new IP address, contact Anaconda technical support.