LibraryProcess overview
Reference · livelib-process:security-compliance--vulnerability-management
vulnerability-management overview
Vulnerability Management Lifecycle - Comprehensive end-to-end vulnerability management process covering continuous scanning, validation and triage, risk-based prioritization using CVSS/EPSS, remediation tracking, verification, and MTTD/MTTR metrics reporting. Implements industry best practices for managing security vulnerabilities across application portfolios with automated workflows and SLA tracking.
Attributes
displayName
vulnerability-management
libraryPath
library/specializations/security-compliance/vulnerability-management.js
specialization
security-compliance
references
- NIST SP 800-40: Vulnerability Management: https://csrc.nist.gov/publications/detail/sp/800-40/rev-4/final
- CVSS v3.1 Specification: https://www.first.org/cvss/v3.1/specification-document
- EPSS (Exploit Prediction Scoring System): https://www.first.org/epss/
- OWASP Vulnerability Management Guide: https://owasp.org/www-community/Vulnerability_Scanning_Tools
- CIS Controls v8 - Vulnerability Management: https://www.cisecurity.org/controls/
- CISA Known Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
example
const result = await orchestrate('specializations/security-compliance/vulnerability-management', {
  projectName: 'E-Commerce Platform',
  assetScope: ['applications', 'infrastructure', 'containers', 'dependencies'],
  scanTypes: ['sast', 'dast', 'sca', 'container', 'infrastructure', 'network'],
  riskThreshold: 'high', // 'critical', 'high', 'medium', 'low'
  complianceFrameworks: ['PCI-DSS', 'SOC2', 'ISO27001', 'NIST'],
  prioritizationMethod: 'cvss-epss', // 'cvss', 'epss', 'cvss-epss', 'custom'
  slaTargets: {
    critical: { mttr: 24, unit: 'hours' },
    high: { mttr: 7, unit: 'days' },
    medium: { mttr: 30, unit: 'days' },
    low: { mttr: 90, unit: 'days' }
  },
  autoRemediation: true,
  continuousScanning: true,
  falsePositiveManagement: true
});
usesAgents
- general-purpose
- vulnerability-triage-agent
- risk-scoring-agent
- remediation-guidance-agent
- patch-management-agent
usesSkills
- dependency-scanner
Outgoing edges
lib_applies_to_domain1
- domain:security·DomainSecurity
lib_belongs_to_specialization1
- specialization:security-compliance·Specialization
lib_implements_workflow1
- workflow:vulnerability-management·Workflow
uses_agent4
- lib-agent:security-compliance--vulnerability-triage-agent · LibraryAgent vulnerability-triage-agent
- lib-agent:security-compliance--risk-scoring-agent · LibraryAgent risk-scoring-agent
- lib-agent:security-compliance--remediation-guidance-agent · LibraryAgent remediation-guidance-agent
- lib-agent:security-compliance--patch-management-agent · LibraryAgent patch-management-agent
uses_skill1
- lib-skill:security-compliance--dependency-scanner · LibrarySkill dependency-scanner
Incoming edges
None.