
How to manage my vulnerability scan reports efficiently

Çağlar Arlı


My company uses multiple tools for vulnerability scanning. We have Nessus Pro for network scanning, White Source Bolt and GitHub Dependabot for dependencies, SonarQube for source code, and Burp Suite Pro for web applications.

This makes things very complicated when clients, my executives or internal auditors ask us to provide evidence of how efficiently we conduct vulnerability scanning: evidence of efficiency, not just the Policy & Procedure documents for paperwork.

Initially, we expect to have the vulnerability reports stored on Google Drive by their respective period, with folders organized by year-month: for example, network vulnerability reports by month and application vulnerability reports by release. I assume all vulnerabilities were remediated through a defined set of Policies & Procedures, with a remediation verification report.

How can I manage my vulnerability scan reports efficiently? We are not a business that just says "yes" or "no" when asked about security.