WebVOWL

OWASP dependency check

Open gnespolino opened this issue 3 years ago • 0 comments

Expected: add OWASP dependency check plugin to package.json

```json
  "scripts": {
    ...
    "owasp": "owasp-dependency-check --project \"YOUR PROJECT NAME\" -f HTML JSON",
    ...
  },
```

Current output:

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
| --- | --- | --- | --- | --- | --- | --- |
| async:0.2.10 | `cpe:2.3:a:async_project:async:0.2.10:*:*:*:*:*:*:*` | `pkg:npm/async@0.2.10` | HIGH | 1 | Highest | 7 |
| async:0.9.2 | `cpe:2.3:a:async_project:async:0.9.2:*:*:*:*:*:*:*` | `pkg:npm/async@0.9.2` | HIGH | 1 | Highest | 7 |
| async:1.5.2 | `cpe:2.3:a:async_project:async:1.5.2:*:*:*:*:*:*:*` | `pkg:npm/async@1.5.2` | HIGH | 1 | Highest | 7 |
| braces:0.1.5 | `cpe:2.3:a:braces_project:braces:0.1.5:*:*:*:*:*:*:*` | `pkg:npm/braces@0.1.5` | MEDIUM | 3 | Highest | 9 |
| braces:1.8.5 | `cpe:2.3:a:braces_project:braces:1.8.5:*:*:*:*:*:*:*` | `pkg:npm/braces@1.8.5` | MEDIUM | 1 | Highest | 8 |
| browserslist:1.7.7 | `cpe:2.3:a:browserslist_project:browserslist:1.7.7:*:*:*:*:*:*:*` | `pkg:npm/browserslist@1.7.7` | MEDIUM | 1 | Highest | 6 |
| color-string:0.3.0 | `cpe:2.3:a:color-string_project:color-string:0.3.0:*:*:*:*:*:*:*` | `pkg:npm/color-string@0.3.0` | MEDIUM | 2 | Highest | 6 |
| debug:2.2.0 | `cpe:2.3:a:debug_project:debug:2.2.0:*:*:*:*:*:*:*` | `pkg:npm/debug@2.2.0` | MEDIUM | 1 | Highest | 6 |
| debug:2.3.3 | `cpe:2.3:a:debug_project:debug:2.3.3:*:*:*:*:*:*:*` | `pkg:npm/debug@2.3.3` | MEDIUM | 2 | Highest | 6 |
| engine.io:1.8.3 | `cpe:2.3:a:socket:engine.io:1.8.3:*:*:*:*:*:*:*` | `pkg:npm/engine.io@1.8.3` | HIGH | 2 | Highest | 7 |
| faye-websocket:0.10.0 | `cpe:2.3:a:faye-websocket_project:faye-websocket:0.10.0:*:*:*:*:*:*:*` | `pkg:npm/faye-websocket@0.10.0` | HIGH | 1 | Highest | 8 |
| getobject:0.1.0 | `cpe:2.3:a:getobject_project:getobject:0.1.0:*:*:*:*:*:*:*` | `pkg:npm/getobject@0.1.0` | CRITICAL | 2 | Highest | 9 |
| glob-parent:2.0.0 | | `pkg:npm/glob-parent@2.0.0` | HIGH | 2 | | 8 |
| grunt-cli:1.4.3 | `cpe:2.3:a:gruntcli_project:gruntcli:1.4.3:*:*:*:*:*:*:*` | `pkg:npm/grunt-cli@1.4.3` | HIGH | 1 | Low | 6 |
| grunt-karma:2.0.0 | | `pkg:npm/grunt-karma@2.0.0` | HIGH | 1 | | 6 |
| is-svg:2.1.0 | `cpe:2.3:a:is-svg_project:is-svg:2.1.0:*:*:*:*:*:*:*` | `pkg:npm/is-svg@2.1.0` | HIGH | 4 | Highest | 8 |
| js-yaml:3.7.0 | `cpe:2.3:a:js-yaml_project:js-yaml:3.7.0:*:*:*:*:*:*:*` | `pkg:npm/js-yaml@3.7.0` | high | 2 | Highest | 7 |
| karma:1.7.1 | `cpe:2.3:a:karma_project:karma:1.7.1:*:*:*:*:*:*:*` | `pkg:npm/karma@1.7.1` | MEDIUM | 4 | Highest | 8 |
| loader-utils:0.2.17 | | `pkg:npm/loader-utils@0.2.17` | HIGH | 1 | | 6 |
| loader-utils:1.4.0 | | `pkg:npm/loader-utils@1.4.0` | HIGH | 1 | | 6 |
| lodash:3.10.1 | `cpe:2.3:a:lodash:lodash:3.10.1:*:*:*:*:*:*:*` | `pkg:npm/lodash@3.10.1` | CRITICAL | 14 | Highest | 7 |
| log4js:0.6.38 | `cpe:2.3:a:log4js_project:log4js:0.6.38:*:*:*:*:*:*:*` | `pkg:npm/log4js@0.6.38` | MEDIUM | 2 | Highest | 7 |
| minimist:0.0.10 | `cpe:2.3:a:substack:minimist:0.0.10:*:*:*:*:*:*:*` | `pkg:npm/minimist@0.0.10` | CRITICAL | 4 | Highest | 9 |
| open:0.0.5 | | `pkg:npm/open@0.0.5` | critical | 1 | | 8 |
| parsejson:0.0.3 | `cpe:2.3:a:parsejson_project:parsejson:0.0.3:*:*:*:*:*:*:*` | `pkg:npm/parsejson@0.0.3` | HIGH | 2 | Highest | 7 |
| postcss:5.2.18 | `cpe:2.3:a:postcss:postcss:5.2.18:*:*:*:*:*:*:*` | `pkg:npm/postcss@5.2.18` | HIGH | 3 | Highest | 7 |
| postcss:6.0.23 | `cpe:2.3:a:postcss:postcss:6.0.23:*:*:*:*:*:*:*` | `pkg:npm/postcss@6.0.23` | HIGH | 2 | Highest | 7 |
| serialize-javascript:1.9.1 | | `pkg:npm/serialize-javascript@1.9.1` | high | 4 | | 8 |
| shelljs:0.3.0 | `cpe:2.3:a:shelljs_project:shelljs:0.3.0:*:*:*:*:*:*:*` | `pkg:npm/shelljs@0.3.0` | HIGH | 3 | Highest | 7 |
| simple-get:3.1.1 | `cpe:2.3:a:simple-get_project:simple-get:3.1.1:*:*:*:*:*:*:*` | `pkg:npm/simple-get@3.1.1` | HIGH | 1 | Highest | 10 |
| socket.io-parser:2.3.1 | `cpe:2.3:a:socket:socket.io-parser:2.3.1:*:*:*:*:*:*:*` | `pkg:npm/socket.io-parser@2.3.1` | HIGH | 2 | Highest | 5 |
| socket.io:1.7.3 | `cpe:2.3:a:socket:socket.io:1.7.3:*:*:*:*:*:*:*` | `pkg:npm/socket.io@1.7.3` | MEDIUM | 2 | Highest | 5 |
| ssri:5.3.0 | `cpe:2.3:a:ssri_project:ssri:5.3.0:*:*:*:*:*:*:*` | `pkg:npm/ssri@5.3.0` | HIGH | 2 | Highest | 8 |
| webpack-dev-server:1.16.5 | `cpe:2.3:a:webpack.js:webpack-dev-server:1.16.5:*:*:*:*:*:*:*` | `pkg:npm/webpack-dev-server@1.16.5` | HIGH | 2 | Highest | 7 |
| ws:1.1.2 | `cpe:2.3:a:ws_project:ws:1.1.2:*:*:*:*:*:*:*` | `pkg:npm/ws@1.1.2` | high | 1 | Highest | 6 |
| xmlhttprequest-ssl:1.5.3 | `cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:1.5.3:*:*:*:*:*:*:*` | `pkg:npm/xmlhttprequest-ssl@1.5.3` | CRITICAL | 3 | Highest | 7 |

gnespolino, Oct 07 '22 17:10