
Support for npm audit v7+

Open valentijnscholten opened this issue 3 years ago • 5 comments

Scanner Name: npm7 audit

It is not supported because it is missing lots of data in the reports: https://github.com/npm/npm-audit-report/issues/45

valentijnscholten avatar Apr 15 '21 18:04 valentijnscholten

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jul 21 '21 01:07 stale[bot]

Progress has been made, waiting for https://github.com/npm/metavuln-calculator/pull/34 to be merged.

valentijnscholten avatar Mar 30 '22 08:03 valentijnscholten

Hi, any update on this? The PR was merged and a new release made: https://github.com/npm/metavuln-calculator/releases/tag/v3.1.0

underrobyn avatar Apr 24 '22 14:04 underrobyn

They still don't include CVE, but it seems it is hard for them to get that data and include it in the report. We could do a first implementation without CVE. They also don't include any other id we could easily use, except that we could parse the url field and hope for the best.

valentijnscholten avatar Apr 25 '22 17:04 valentijnscholten
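The approach sketched in the comment above (a first implementation without CVE, with an identifier scraped from the `url` field of each `via` entry) is shown below as an added example. It is not DefectDojo's own npm audit parser and not code from this thread. It assumes the two report shapes as documented by npm: npm 6 puts advisories under a top-level `advisories` map with a `cves` list, while npm 7+ (`auditReportVersion` 2) puts them under `vulnerabilities`, where each package's `via` list mixes advisory objects with plain strings naming the package a vulnerability is inherited from. The GHSA/npm-advisory regexes and the two sample reports are constructed for illustration.

```python
"""npm audit JSON parser covering the npm 6 ("advisories") and npm 7+
("vulnerabilities"/"via") shapes. Added example, not DefectDojo's parser."""
import json
import re
from dataclasses import dataclass, field

# Identifiers that commonly appear in an npm 7+ via.url. Assumption: a GHSA id
# or a numeric npm advisory id is the best available, since no CVE is reported.
_GHSA_RE = re.compile(r"(GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4})", re.I)
_NPM_ID_RE = re.compile(r"npmjs\.com/advisories/(\d+)")


@dataclass
class Finding:
    package: str
    title: str
    severity: str
    vuln_range: str
    url: str
    ids: list = field(default_factory=list)  # CVEs (v6) or url-derived ids (v7+)


def id_from_url(url):
    """Best-effort advisory id from a via.url; None when nothing recognisable."""
    m = _GHSA_RE.search(url or "")
    if m:
        return m.group(1)
    m = _NPM_ID_RE.search(url or "")
    return f"NPM-{m.group(1)}" if m else None


def parse_v6(report):
    """npm 6: one finding per advisory, CVEs come straight from the report."""
    findings = []
    for adv in report.get("advisories", {}).values():
        findings.append(Finding(adv["module_name"], adv["title"], adv["severity"],
                                adv.get("vulnerable_versions", ""), adv.get("url", ""),
                                list(adv.get("cves") or [])))
    return findings


def parse_v7(report):
    """npm 7+: advisories live in via[] objects; string entries are transitive
    references to another package's entry and would duplicate it, so skip them."""
    findings, seen = [], set()
    for vuln in report.get("vulnerabilities", {}).values():
        for via in vuln.get("via", []):
            if not isinstance(via, dict):
                continue
            key = (via.get("name"), via.get("url"), via.get("range"))
            if key in seen:
                continue
            seen.add(key)
            ident = id_from_url(via.get("url"))
            findings.append(Finding(via.get("name", vuln.get("name")), via.get("title", ""),
                                    via.get("severity", vuln.get("severity", "")),
                                    via.get("range", ""), via.get("url", ""),
                                    [ident] if ident else []))
    return findings


def parse_npm_audit(text):
    """Dispatch on the report shape; top-level 'advisories' only exists in npm 6."""
    report = json.loads(text)
    if "advisories" in report and report.get("auditReportVersion", 1) < 2:
        return parse_v6(report)
    return parse_v7(report)


# Constructed sample reports (ids and packages are illustrative, not real data).
V7_SAMPLE = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "minimist": {"name": "minimist", "severity": "moderate", "isDirect": False,
                     "via": [{"source": 1179, "name": "minimist", "dependency": "minimist",
                              "title": "Prototype Pollution", "severity": "moderate",
                              "url": "https://github.com/advisories/GHSA-1234-abcd-ef56",
                              "range": "<0.2.1 || >=1.0.0 <1.2.3"}],
                     "effects": ["mkdirp"], "range": "<0.2.1 || >=1.0.0 <1.2.3",
                     "nodes": ["node_modules/minimist"], "fixAvailable": True},
        "mkdirp": {"name": "mkdirp", "severity": "moderate", "isDirect": True,
                   "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1",
                   "nodes": ["node_modules/mkdirp"], "fixAvailable": True},
    },
    "metadata": {"vulnerabilities": {"moderate": 2, "total": 2}},
})

V6_SAMPLE = json.dumps({
    "actions": [],
    "advisories": {
        "1179": {"id": 1179, "module_name": "minimist", "title": "Prototype Pollution",
                 "severity": "low", "cves": ["CVE-2020-7598"],
                 "vulnerable_versions": "<0.2.1 || >=1.0.0 <1.2.3",
                 "url": "https://npmjs.com/advisories/1179",
                 "findings": [{"version": "1.2.0", "paths": ["mkdirp>minimist"]}]},
    },
    "muted": [],
    "metadata": {"vulnerabilities": {"low": 1, "total": 1}},
})

if __name__ == "__main__":
    for sample in (V6_SAMPLE, V7_SAMPLE):
        for f in parse_npm_audit(sample):
            print(f.package, f.severity, f.ids or "(no id)", f.url)
```

The v7 sample deliberately includes the `mkdirp` entry whose `via` is just `["minimist"]`: a naive parser that treats every `via` entry as an advisory either crashes on the string or emits a duplicate finding with no title or url. The id scraped from the url is only as good as whatever npm chose to link, hence the "hope for the best" caveat.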

Some more info here:

https://github.com/jeemok/better-npm-audit#npm-version-6-and-7-and-8

https://uko.codes/dealing-with-npm-v7-audit-changes

valentijnscholten avatar Sep 14 '22 15:09 valentijnscholten

NPM Audit is already covered. I guess this can be closed @mtesauro

manuel-sommer avatar Jan 21 '24 19:01 manuel-sommer

I don't think npm 7 or higher is supported by the parser.

valentijnscholten avatar Jan 21 '24 19:01 valentijnscholten

Do you have a sample file? Then I will fix the parser.

manuel-sommer avatar Jan 21 '24 20:01 manuel-sommer

I guess this can be closed @mtesauro

manuel-sommer avatar May 09 '24 10:05 manuel-sommer