NIST SSDF: RV — Vulnerability Analysis
Level: warning
Policy id: ssdf_rv_vulnerability_analysis
Releases are continuously analyzed to identify vulnerabilities (RV.1).
Formula
G(Release → P(vuln_analysis))
Read as: globally (at every point of the trace), a Release event implies that a vuln_analysis event occurred at or before that point, with P as the past-time "once" operator. Note that P only requires some earlier analysis; it does not by itself require a fresh analysis for each release.
Why it matters
SSDF RV.1 (NIST SP 800-218): identify and confirm vulnerabilities on an ongoing basis, which includes analyzing the software's own code and monitoring third-party components for newly disclosed issues.
Examples
passes: the trace contains vuln_analysis evidence before every Release event
fails: a Release event occurs with no preceding vuln_analysis event
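The following is an added example, not ponens code, showing how the formula above and the pass/fail cases are evaluated over a linear event trace. The trace JSON layout (an array of objects with `kind`, `ts` and `detail` fields) is an assumption for illustration; ponens's real trace schema may differ. It goes one step beyond the page's formula by also implementing a stricter "analysis since the last release" variant, to show the case a bare P operator accepts but an "ongoing" reading of RV.1 would reject.

```python
"""Evaluate G(Release -> P(vuln_analysis)) over an event trace.

Added example, not part of ponens. Trace format is ASSUMED:
a JSON array of {"kind": str, "ts": int, "detail": str}.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Event:
    kind: str       # e.g. "vuln_analysis", "Release", "commit"
    ts: int         # monotonic timestamp; trace is sorted on it
    detail: str = ""


def load_trace(text: str) -> List[Event]:
    """Parse the assumed JSON layout into time-ordered Event objects."""
    objs = json.loads(text)
    events = [Event(o["kind"], int(o["ts"]), o.get("detail", "")) for o in objs]
    return sorted(events, key=lambda e: e.ts)


def check_rv1_once(trace: Iterable[Event]) -> List[str]:
    """G(Release -> P(vuln_analysis)): at each Release, some vuln_analysis
    must have occurred at or before it. Empty list means PASS."""
    analysed = False
    violations: List[str] = []
    for ev in trace:
        if ev.kind == "vuln_analysis":
            analysed = True
        elif ev.kind == "Release" and not analysed:
            violations.append(
                f"Release {ev.detail!r} at t={ev.ts}: no prior vuln_analysis")
    return violations


def check_rv1_since_last_release(trace: Iterable[Event]) -> List[str]:
    """Stricter variant (not the page's formula): each Release needs a
    vuln_analysis after the previous Release (or since trace start)."""
    analysed_since_release = False
    violations: List[str] = []
    for ev in trace:
        if ev.kind == "vuln_analysis":
            analysed_since_release = True
        elif ev.kind == "Release":
            if not analysed_since_release:
                violations.append(
                    f"Release {ev.detail!r} at t={ev.ts}: "
                    "no vuln_analysis since previous Release")
            analysed_since_release = False   # window resets at each release
    return violations


# Constructed sample traces (not real data).
CONSTRUCTED_PASS = json.dumps([
    {"kind": "vuln_analysis", "ts": 1, "detail": "sca+sast run 41"},
    {"kind": "Release", "ts": 2, "detail": "v1.0.0"},
    {"kind": "vuln_analysis", "ts": 3, "detail": "sca+sast run 57"},
    {"kind": "Release", "ts": 4, "detail": "v1.1.0"},
])
CONSTRUCTED_FAIL = json.dumps([
    {"kind": "Release", "ts": 1, "detail": "v0.9.0"},       # no analysis yet
    {"kind": "vuln_analysis", "ts": 2, "detail": "sca run 12"},
    {"kind": "Release", "ts": 3, "detail": "v1.0.0"},
])
CONSTRUCTED_STALE = json.dumps([
    {"kind": "vuln_analysis", "ts": 1, "detail": "sca run 3"},
    {"kind": "Release", "ts": 2, "detail": "v1.0.0"},
    {"kind": "Release", "ts": 3, "detail": "v1.0.1"},       # no new analysis
])

if __name__ == "__main__":
    for name, text in [("pass", CONSTRUCTED_PASS),
                       ("fail", CONSTRUCTED_FAIL),
                       ("stale", CONSTRUCTED_STALE)]:
        tr = load_trace(text)
        print(name, "G(Release -> P(va)):", check_rv1_once(tr) or "PASS")
        print(name, "since-last-release:", check_rv1_since_last_release(tr) or "PASS")
```

The "stale" trace is the practitioner's caveat: it satisfies the page's formula (one analysis in the past covers every later release) but fails the stricter variant, so if "continuously analyzed" is meant to require analysis per release, the evidence you attach to the trace should reflect that.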
Use it
ponens policies add ssdf_rv_vulnerability_analysis --into ./trace.json
ponens trace check ./trace.json