vulcan-checks
Improve github-alerts by adding the paths
- Adds the column Paths with the path/version where the dependency was found.
- Removes columns already in the affected resource.
- Removes useless sort as we create one vulnerability per dependency.
Comparison from lava outputs
Current:
TARGET: https://github.mpi-internal.com/spt-security/hardened-docker-container.git
AFFECTED RESOURCE: PIP:cryptography
SUMMARY: Vulnerable Code Dependencies in Github Repository
DESCRIPTION:
Dependencies used by the code in this Github repository have published security vulnerabilities.
You can find more specific information in the resources table for the repository.
IMPACT:
The vulnerable dependencies may be introducing vulnerabilities into the software that uses them.
RECOMMENDATIONS:
- Update the dependency to at least the minimum recommended version in the resources table.
Vulnerable Dependencies:
Dependency: cryptography
Ecosystem: PIP
Vulnerabilities: 15
Max. Severity: HIGH
Min. Recommended Version: 41.0.2
References: [1](https://github.com/advisories/GHSA-hggm-jpg3-v476),
[2](https://github.com/advisories/GHSA-hggm-jpg3-v476),
[3](https://github.com/advisories/GHSA-hggm-jpg3-v476),
New:
TARGET: https://github.mpi-internal.com/spt-security/hardened-docker-container.git
AFFECTED RESOURCE: PIP:cryptography
SUMMARY: Vulnerable Code Dependencies in Github Repository
DESCRIPTION:
Dependencies used by the code in this Github repository have published security vulnerabilities.
You can find more specific information in the resources table for the repository.
IMPACT:
The vulnerable dependencies may be introducing vulnerabilities into the software that uses them.
RECOMMENDATIONS:
- Update the dependency to at least the minimum recommended version in the resources table.
Vulnerable Dependencies:
Paths: build/requirements.txt:'= 2.9.2' ubuntu/build/requirements.txt:'= 2.9.2'
alpine/build/requirements.txt:'= 2.9.2'
Vulnerabilities: 15
Max. Severity: HIGH
Min. Recommended Version: 41.0.2
References: [1](https://github.com/advisories/GHSA-hggm-jpg3-v476),
[2](https://github.com/advisories/GHSA-hggm-jpg3-v476),
[3](https://github.com/advisories/GHSA-hggm-jpg3-v476),