Introducing EPSS in Dependabot Alerts 🚀 #152309
Unanswered
ghostinhershell asked this question in Code Security
Replies: 1 comment
Hi, is there a chance that in a future update it will be possible to configure Dependabot to score severity depending on EPSS as well? To use this table, for example:
And calculate an average severity depending on both CVSS and EPSS for more accurate vulnerability ranking and fewer false positives?
We are excited to announce that Dependabot alerts now feature the Exploit Prediction Scoring System (EPSS) from the global Forum of Incident Response and Security Teams (FIRST). This enhancement will help you better assess and prioritize vulnerability risks in your dependencies.
What is EPSS?
EPSS scores predict the likelihood of a vulnerability being exploited. The scores range from 0 to 1 (0 to 100%), where higher scores indicate a higher risk of exploitation. Additionally, we display the EPSS score percentile, which shows how a vulnerability compares to others in terms of exploitation likelihood.
How to Interpret EPSS Scores
For example, a vulnerability with a 90.534% EPSS score at the 95th percentile means:
There is a 90.534% chance that the vulnerability will be exploited within the next 30 days.
Availability
This feature is available on GitHub.com today and will be included in GitHub Enterprise Server starting with version 3.17.
Learn More
Stay secure with the new EPSS integration in Dependabot alerts!
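The kind of combined ranking the question asks about, as an added example that is not part of the original discussion and not Dependabot's own code: it triages a constructed set of alerts using the CVSS base score together with the EPSS probability and percentile that the reply above describes. The record layout, the alert and package labels, the sample numbers and the thresholds are all assumptions chosen for illustration; the real Dependabot alerts API field names are not taken from this page.

```python
"""Rank alerts by CVSS impact and EPSS exploit likelihood together.

Added example, not GitHub's or Dependabot's code. Record layout, labels,
sample values and thresholds are assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    label: str               # constructed identifier, not a real advisory ID
    package: str             # constructed package name
    cvss: float              # CVSS base score, 0.0..10.0
    epss: float              # EPSS probability of exploitation in the next 30 days, 0.0..1.0
    epss_percentile: float   # fraction of scored vulnerabilities with a lower EPSS score, 0.0..1.0


def epss_from_text(text):
    """Accept EPSS as shown in the UI ('90.534%') or as the raw 0..1 value ('0.90534')."""
    text = text.strip()
    value = float(text[:-1]) / 100.0 if text.endswith("%") else float(text)
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS out of range: {text}")
    return value


# Constructed sample alerts; the numbers are illustrative, not real advisory data.
SAMPLE_ALERTS = [
    Alert("alert-1", "pkg-a", cvss=9.8, epss=epss_from_text("90.534%"), epss_percentile=0.95),
    Alert("alert-2", "pkg-b", cvss=9.8, epss=epss_from_text("0.2%"), epss_percentile=0.55),
    Alert("alert-3", "pkg-c", cvss=5.3, epss=epss_from_text("35%"), epss_percentile=0.97),
    Alert("alert-4", "pkg-d", cvss=4.0, epss=epss_from_text("0.00045"), epss_percentile=0.12),
]

# Assumed policy thresholds; tune them to your own risk appetite.
EPSS_LIKELY = 0.10           # >= 10% chance of exploitation in 30 days counts as "likely"
EPSS_TOP_PERCENTILE = 0.95   # or: scored higher than 95% of all vulnerabilities
CVSS_HIGH = 7.0              # CVSS >= 7.0 counts as "high impact"


def priority(alert):
    """Four-tier triage: likely and severe first, likely but low-impact next,
    severe but unlikely after that, everything else last."""
    likely = alert.epss >= EPSS_LIKELY or alert.epss_percentile >= EPSS_TOP_PERCENTILE
    severe = alert.cvss >= CVSS_HIGH
    if likely and severe:
        return "P1"
    if likely:
        return "P2"
    if severe:
        return "P3"
    return "P4"


def rank(alerts):
    """Order alerts by tier, then by EPSS and CVSS descending within a tier.

    A plain average of CVSS and EPSS would put alert-2 (CVSS 9.8, EPSS 0.2%)
    ahead of alert-3 (CVSS 5.3, EPSS 35%); the tiering deliberately does not.
    """
    return sorted(alerts, key=lambda a: (priority(a), -a.epss, -a.cvss))


if __name__ == "__main__":
    for a in rank(SAMPLE_ALERTS):
        print(f"{priority(a)} {a.label:8} {a.package:6} CVSS={a.cvss:4.1f} "
              f"EPSS={a.epss:7.3%} (percentile {a.epss_percentile:.0%})")
```

The tiers treat EPSS as the "will it be attacked" axis and CVSS as the "how bad if it is" axis, so a critical-CVSS advisory with a negligible EPSS score drops below a medium-CVSS one that is actively being exploited; averaging the two numbers would hide exactly that distinction.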