Release 3.0.3:
Fixed bug caused by EPSS API changing response format - now ignores new fields
Better diagnostics in exception conditions (separate message for files not found, error trace when EPSS API
generates exception)
Release 3.0.2:
If the scan date is today, TrivySummary now omits the date from the EPSS Query as this
can sometimes cause issues if an explicit date of today is used (assume due to time
zones, calling this in the morning from the UK before the daily stats are generated).
Default output file is now, for a single input file, the same name and folder but with
a .pdf suffix. For the scenario where two input files are used, the default output
file path is the same as the input file but with name output.pdf.
If not in offline mode and there are errors experienced in calling the EPSS API, the
operation will simply fail with an error message, rather than creating a report.
Release 3.0.1:
Bug fixes
Release 3.0:
Massive update...
Simple EPSS/CVSS thresholds now replaced with a configurable priority model. Each
CVE is now prioritised based on one of three models:
- SEVERITYONLY
As in previous versions, priority is simple the stated vendor severity - RECTANGULAR
Each of CRITICAL, HIGH or MEDIUM priorities set by minimum CVSS and EPSS values.
Shown as colour bands on the graph view. - ELLIPTICAL
Similar to RECTANGULAR but based on an ellipse bounded by the stated CVSS / EPSS
thresholds, giving a much more elegant view of distance from the top right hand
corner of the graph.
Now defaults to querying for EPSS scores based on the scan date.
Supports --useTodayForEPSSQuery attribute to override this and force loading EPSS
scores for the report date.
BREAKING CHANGE: --failSeverityThreshold parameter now renamed --failPriorityThreshold
to reflect the change from a severity-only world to the new priority models
error code.
BREAKING CHANGE: --minimumCVSSToPrioritise and --minimumEPSSToPrioritise now removed,
replaced by the --priorityModel parameter