CVSS Score - CI/CD用語集の定義
CVSS score (Common Vulnerability Scoring System) は、攻撃ベクトルや影響などの要素から、脆弱性の深刻度を0から10のスケールで評価します。CIのscannerは閾値 (例: 7.0以上の "High" で失敗) を用いて、深刻なCVEに対してbuildをゲートします。
関連ガイド
CVE - CI/CD Glossary DefinitionA CVE is a public, uniquely numbered identifier for one known security vulnerability, letting tools and teams…
Image Vulnerability - CI/CD Glossary DefinitionAn image vulnerability is a known security flaw in a container image’s OS packages or libraries, surfaced by…
Least Privilege - CI/CD Glossary DefinitionLeast privilege grants each identity only the permissions it actually needs and no more, so a leaked CI crede…