Spike: Understand how we may access CVE IDs for security findings

Objective

Investigate how to associate CVE enrichment data with Security::Finding to enable EPSS/KEV access in MRs and policies.

Investigation Tasks

• Compare CVE ID extraction methods between both finding models
• Analyze existing enrichment association in Vulnerabilities::Finding
• Identify required changes to Security::Finding model
• Document database schema modifications needed
• Assess performance impact on security finding queries

Output

Technical design proposal with implementation plan for enabling KEV filtering in MR approval policies.

Give feedback to improve this answer