Status: Draft

1.1 Purpose

Clarity is required on the following aspects:

• The process that the projects will follow regarding analyzing the known vulnerabilities
  • To address how a project can mark a known vulnerability as not impacting ONAP
  • What oversight is required
  • Address the case that the component used uses other components that have vulnerabilities.
• The polices in nexus IQ to make the vulnerability status more visible.

1.2 Known Vulnerability scanning

1.3 Nexus IQ policies