Mantis as a Vulnerability Tracking Tool?
Posted: 02 Jan 2022, 23:18
Hi Everyone,
We are trying to locate a tool that allows us to track bugs and security vulnerabilities from external tools like GitHub, Coverity and Veracode. Because external tools generate the finding, we need some sort of integration, whether it is an API or webhook. And the rub with vulnerabilities is, there's often a Severity, SLA, CVE, CWE or weakness associated with the report, so we need to track the source and the CWE(s) and CVE(s), too.
I'm hoping Mantis fits the bill. I've used it in the past for standard bug tracking and I really liked it. I also like that Mantis (a) is open source, (b) has a community to ask questions, and (c) runs on just about any modern Linux platform. This is opposed to solutions like DefectDojo, which does not have a mailing list or forums, and only runs on bleeding-edge developer machines.
We are willing to modify Mantis and contribute back the changes so the features are available to all users, and not just our team. Our team includes vulnerability researchers who regularly test free and open source software with tools like Coverity and Veracode.
My question is, has anyone had success in using Mantis as a vulnerability tracking tool?
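To make the integration the post asks about concrete, here is an added example (not from the original post, and not MantisBT project code) of the glue a scanner-to-Mantis importer needs: it normalizes external findings into MantisBT issue payloads carrying the source tool, CVE, CWE, severity and an SLA due date, and it derives a stable key so a re-run of the scanner does not file the same issue twice. The findings are constructed, the CVE/CWE identifiers are placeholders, the request body shape follows MantisBT's REST API as far as I know it (POST /api/rest/issues with an Authorization token header, severity given by name, custom fields as field/value pairs) but should be checked against your Mantis version, and the custom field names "Source", "CVE", "CWE" and "SLA due", the "Security" category and the SLA policy are all assumptions you would configure yourself.

```python
"""Normalize external scanner findings into MantisBT issue payloads.

Added example: the input findings are constructed, the CVE/CWE ids are
placeholders, and the REST body shape (POST /api/rest/issues with an
"Authorization: <token>" header) is assumed from MantisBT's REST API.
The custom field names and the "Security" category are hypothetical and
must be created in the target Mantis project before this will work.
"""
import hashlib
import json
import re
from datetime import date, timedelta

# Constructed sample findings (placeholder identifiers, not real reports).
FINDINGS = [
    {"tool": "Coverity", "rule": "TAINTED_SCALAR", "severity": "High",
     "cwe": "CWE-20", "cve": None, "file": "src/parse.c", "line": 120,
     "message": "Unvalidated integer used as array index"},
    {"tool": "Veracode", "rule": "SCA-001", "severity": "Critical",
     "cwe": "CWE-1395", "cve": "CVE-1900-00001",  # placeholder CVE id
     "file": "pom.xml", "line": 0,
     "message": "Dependency affected by a known vulnerability (placeholder)"},
]

# Hypothetical SLA policy: days allowed to remediate, per scanner severity.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}
# Map scanner severities onto MantisBT's built-in severity names.
MANTIS_SEVERITY = {"Critical": "block", "High": "major",
                   "Medium": "minor", "Low": "trivial"}

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
CWE_RE = re.compile(r"^CWE-\d+$")


def dedup_key(f):
    """Stable key for a finding so repeated scans map to one Mantis issue."""
    raw = f"{f['tool']}|{f['rule']}|{f['file']}|{f['line']}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def sla_due(severity, today):
    """ISO date by which the finding must be fixed under SLA_DAYS."""
    if severity not in SLA_DAYS:
        raise ValueError(f"unknown severity {severity!r}")
    base = date.fromisoformat(today) if isinstance(today, str) else today
    return (base + timedelta(days=SLA_DAYS[severity])).isoformat()


def to_mantis_issue(f, project, today):
    """Build the JSON body for MantisBT's POST /api/rest/issues (assumed shape)."""
    cve, cwe = f.get("cve"), f.get("cwe")
    # Reject malformed identifiers early rather than storing junk in the tracker.
    if cve and not CVE_RE.match(cve):
        raise ValueError(f"malformed CVE id {cve!r}")
    if cwe and not CWE_RE.match(cwe):
        raise ValueError(f"malformed CWE id {cwe!r}")
    return {
        "summary": f"[{f['tool']}] {f['rule']} in {f['file']}:{f['line']} "
                   f"({dedup_key(f)})",
        "description": f["message"],
        "project": {"name": project},
        "category": {"name": "Security"},          # hypothetical category
        "severity": {"name": MANTIS_SEVERITY[f["severity"]]},
        "custom_fields": [                           # hypothetical field names
            {"field": {"name": "Source"}, "value": f["tool"]},
            {"field": {"name": "CVE"}, "value": cve or ""},
            {"field": {"name": "CWE"}, "value": cwe or ""},
            {"field": {"name": "SLA due"}, "value": sla_due(f["severity"], today)},
        ],
    }


def build_batch(findings, project, today):
    """One payload per distinct finding; duplicates by dedup_key are skipped."""
    seen, out = set(), []
    for f in findings:
        k = dedup_key(f)
        if k in seen:
            continue
        seen.add(k)
        out.append(to_mantis_issue(f, project, today))
    return out


if __name__ == "__main__":
    for body in build_batch(FINDINGS, "example-project", "2022-01-03"):
        # Sending would look like (assumed): requests.post(f"{base}/api/rest/issues",
        #     json=body, headers={"Authorization": api_token})
        print(json.dumps(body, indent=2))
```

The dedup key is the part worth copying: before posting, look up existing issues by that key (it is embedded in the summary) and update rather than create, otherwise every nightly scan reopens the same CVE as a fresh issue and the SLA clock restarts.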