Move VAT query for development branch runs
This template is ONLY used for feature requests. Bug reporting or pipeline enhancement issues should use the other template options for issue submission.
Description
As a customer pointed out, we ran into a situation where a CVE was whitelisted, but on the first run of a development branch, the branch showed a CVE that was not whitelisted. Subsequent runs of the development branch, without any additional steps taken, properly showed the pipeline passing without issue.
CVE was approved at 12:15 MT, but upon the first pipeline run at approximately 3pm MT, it failed, so the pipeline should not have flagged the CVE as un-whitelisted.
We will work with VAT to work off of the raw CVE scan results. We will then move the CSV stage later in the pipeline, which will resolve this
Purpose
Plan
- VAT import would need to change to use raw scans instead of CSVs
- Move CSV stage later in the pipeline