django-DefectDojo
Support for npm audit v7+
Scanner Name npm7 audit is not supported because it is missing lots of data in the reports: https://github.com/npm/npm-audit-report/issues/45
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Progress has been made, waiting for https://github.com/npm/metavuln-calculator/pull/34 to be merged.
Hi, any update on this? The PR was merged and a new release made: https://github.com/npm/metavuln-calculator/releases/tag/v3.1.0
They still don't include cve, but it seems it is hard for them to get that data and include it in the report. We could do a first implementation without cve.
They also don't include any other id we could easily use, except that we could parse the url field and hope for the best.
Some more info here:
https://github.com/jeemok/better-npm-audit#npm-version-6-and-7-and-8
https://uko.codes/dealing-with-npm-v7-audit-changes
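A sketch of the "parse the url field" idea from the comment above, added here as an illustration and not taken from DefectDojo's parser. It assumes the npm 7+ `npm audit --json` layout (`auditReportVersion: 2`, a `vulnerabilities` map whose `via` entries are either advisory objects or package-name strings); the sample report, the function names and the `NPM-` prefix are constructed for this example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample in the assumed npm 7+ layout; names, ids and URLs are made up.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-lib": {"name": "example-lib", "severity": "high", "via": [
            {"source": 1001, "title": "Prototype pollution", "severity": "high",
             "range": "<1.2.3", "url": "https://github.com/advisories/GHSA-aaaa-bbbb-cccc"},
            {"source": 1002, "title": "ReDoS", "severity": "moderate",
             "range": "<1.0.0", "url": "https://npmjs.com/advisories/1002"},
        ]},
        # A string in "via" names another vulnerable package, not an advisory.
        "example-parent": {"name": "example-parent", "severity": "high",
                           "via": ["example-lib"]},
    },
})

GHSA_RE = re.compile(r"GHSA(?:-[0-9a-z]{4}){3}")

def advisory_id_from_url(url):
    """Best-effort id from an advisory url; None when nothing recognisable."""
    path = urlparse(url or "").path
    last = path.rstrip("/").rsplit("/", 1)[-1]
    if GHSA_RE.fullmatch(last):
        return last
    if "/advisories/" in path and last.isdigit():
        return "NPM-" + last  # prefix is this example's own label
    return None

def findings_from_report(text):
    """One finding per advisory object; no CVE is expected in the report."""
    report = json.loads(text)
    if report.get("auditReportVersion") != 2:
        raise ValueError("not an npm 7+ audit report")
    findings = []
    for package, vuln in report.get("vulnerabilities", {}).items():
        for via in vuln.get("via", []):
            if not isinstance(via, dict):
                continue  # pointer to another package; its advisories are listed there
            findings.append({
                "package": package, "title": via.get("title"),
                "severity": via.get("severity"), "range": via.get("range"),
                "advisory_id": advisory_id_from_url(via.get("url")),
            })
    return findings
```

Findings whose url yields no id keep `advisory_id` as `None`, so deduplication would have to fall back to package, title and range.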
NPM Audit is already covered. I guess this can be closed @mtesauro
I don't think npm 7 or higher is supported by the parser.
Do you have a sample file? Then I will fix the parser.
I guess this can be closed @mtesauro