Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it.  We invite you to submit your ideas using the form below.  Please be sure to include the problem for which you are solving and the benefits of implementing the idea.  Thanks for collaborating with us!

Convert Compliance tabs to new CVSS 3.0 Standard from CVSS 2.0 or make it optional

Currently, InSpec is using the CVSS 3.0 standard for reporting the impact. Also according to this PR https://github.com/inspec/inspec/pull/3359 users can pass in none numeric values for the impact score. Automate should display this data in the same way in the compliance tab. Reference to CVSS Standard https://nvd.nist.gov/vuln-metrics/cvss 

  • John Snow
  • Mar 22 2019
  • Likely to implement
  • Attach files
  • Michael Chiang commented
    April 19, 2019 22:13

    This makes sense, let's look at priority of this. 

  • Zackary Maupin commented
    December 11, 2019 21:40

    I was very surprised to see these were using two different scales for the same thing. It would be hugely beneficial to sync them up with one standard.