EPSS score integration #4543
Do you have more info on what the EPSS score is and who publishes them?
This would be great to include in the output of a scan. Example query:
Hello, as discussed this morning at KubeCon EU with @simar7, we need the EPSS score with the CVE score. It helps to review the CVE score from another (security) perspective. cc: @AnaisUrlichs
Summarizing this thread for the record: We will not implement EPSS scoring natively in Trivy as we consider it out of scope of the Trivy project. The scope and other core principles are documented here. Specifically, EPSS falls under "Exploitability of the vulnerability" as mentioned here.
Question
I'm wondering if there is the ability to utilize EPSS scores along with (or in lieu of) only CVSS? Or if there are plans to begin to include these scores into the project?
Target: None
Scanner: Vulnerability
Output Format: None
Mode: None
Operating System: No response
Version: No response