Thanks for the detailed response.
To confirm, is the only way to validate that a vulnerability (e.g., in snakeyaml) does not affect Jenkins is to check that there is no advisory for it?
Thanks for the detailed response.
To confirm, is the only way to validate that a vulnerability (e.g., in snakeyaml) does not affect Jenkins is to check that there is no advisory for it?