Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Convert Compliance tabs to new CVSS 3.0 Standard from CVSS 2.0 or make it optional

Currently, InSpec is using the CVSS 3.0 standard for reporting the impact. Also according to this PR https://github.com/inspec/inspec/pull/3359 users can pass in none numeric values for the impact score. Automate should display this data in the same way in the compliance tab. Reference to CVSS Standard https://nvd.nist.gov/vuln-metrics/cvss 

  • John Snow
  • Mar 22 2019
  • Currently Declined
  • Attach files
  • Zackary Maupin commented
    December 11, 2019 21:40

    I was very surprised to see these were using two different scales for the same thing. It would be hugely beneficial to sync them up with one standard.

  • Michael Chiang commented
    April 19, 2019 22:13

    This makes sense, let's look at priority of this.