vulcan-checks

Improve github-alerts by adding the paths

Open jesusfcr opened this issue 11 months ago • 0 comments

  • Adds the column Paths with the path/version where the dependency was found.
  • Removes columns already in the affected resource.
  • Removes useless sort as we create one vulnerability per dependency.

Comparison from lava outputs

Current:

TARGET: https://github.mpi-internal.com/spt-security/hardened-docker-container.git
AFFECTED RESOURCE: PIP:cryptography
SUMMARY: Vulnerable Code Dependencies in Github Repository

DESCRIPTION:
  Dependencies used by the code in this Github repository have published security vulnerabilities.
  You can find more specific information in the resources table for the repository.

IMPACT:
  The vulnerable dependencies may be introducing vulnerabilities into the software that uses them.

RECOMMENDATIONS:
  - Update the dependency to at least the minimum recommended version in the resources table.

Vulnerable Dependencies:
  Dependency: cryptography
  Ecosystem: PIP
  Vulnerabilities: 15
  Max. Severity: HIGH
  Min. Recommended Version: 41.0.2
  References: [1](https://github.com/advisories/GHSA-hggm-jpg3-v476),
              [2](https://github.com/advisories/GHSA-hggm-jpg3-v476),
              [3](https://github.com/advisories/GHSA-hggm-jpg3-v476),

New:

TARGET: https://github.mpi-internal.com/spt-security/hardened-docker-container.git
AFFECTED RESOURCE: PIP:cryptography
SUMMARY: Vulnerable Code Dependencies in Github Repository

DESCRIPTION:
  Dependencies used by the code in this Github repository have published security vulnerabilities.
  You can find more specific information in the resources table for the repository.

IMPACT:
  The vulnerable dependencies may be introducing vulnerabilities into the software that uses them.

RECOMMENDATIONS:
  - Update the dependency to at least the minimum recommended version in the resources table.

Vulnerable Dependencies:
  Paths: build/requirements.txt:'= 2.9.2' ubuntu/build/requirements.txt:'= 2.9.2'
         alpine/build/requirements.txt:'= 2.9.2'
  Vulnerabilities: 15
  Max. Severity: HIGH
  Min. Recommended Version: 41.0.2
  References: [1](https://github.com/advisories/GHSA-hggm-jpg3-v476),
              [2](https://github.com/advisories/GHSA-hggm-jpg3-v476),
              [3](https://github.com/advisories/GHSA-hggm-jpg3-v476),

jesusfcr, Jul 27 '23 11:07
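The per-dependency grouping this change describes, as an added example that is not code from vulcan-checks: alerts are folded into one row per `ECOSYSTEM:package`, and each manifest path/version pair is listed once even when several advisories hit the same file. The `Alert` and `Row` types, `GroupAlerts`, the sample alerts and the rule that each alert counts as one vulnerability are assumptions made for illustration.

```go
package main

import "fmt"

// Alert is a simplified, hypothetical alert record (not the check's own type).
type Alert struct{ Ecosystem, Package, Manifest, Requirement, Severity string }

// Row is one finding per dependency; ecosystem and name live only in Resource.
type Row struct {
	Resource, MaxSeverity string
	Paths                 []string
	Vulns                 int
}

var rank = map[string]int{"LOW": 1, "MODERATE": 2, "HIGH": 3, "CRITICAL": 4}
// GroupAlerts emits one Row per ECOSYSTEM:package, each path/version pair once.
func GroupAlerts(alerts []Alert) (rows []*Row) {
	byRes, seen := map[string]*Row{}, map[string]bool{}
	for _, a := range alerts {
		res := a.Ecosystem + ":" + a.Package
		r := byRes[res]
		if r == nil {
			r = &Row{Resource: res}
			byRes[res], rows = r, append(rows, r)
		}
		r.Vulns++ // assumption: each alert counts as one vulnerability
		if rank[a.Severity] > rank[r.MaxSeverity] {
			r.MaxSeverity = a.Severity
		}
		if p := a.Manifest + ":'" + a.Requirement + "'"; !seen[res+"|"+p] {
			seen[res+"|"+p], r.Paths = true, append(r.Paths, p)
		}
	}
	return rows
}

// sampleAlerts is constructed input reusing the manifest paths from the issue.
var sampleAlerts = []Alert{
	{"PIP", "cryptography", "build/requirements.txt", "= 2.9.2", "MODERATE"},
	{"PIP", "cryptography", "ubuntu/build/requirements.txt", "= 2.9.2", "HIGH"},
	{"PIP", "cryptography", "build/requirements.txt", "= 2.9.2", "HIGH"},
	{"PIP", "cryptography", "alpine/build/requirements.txt", "= 2.9.2", "LOW"},
	{"NPM", "example-pkg", "package-lock.json", "= 1.0.0", "LOW"},
}

func main() {
	for _, r := range GroupAlerts(sampleAlerts) {
		fmt.Println(r.Resource, r.Paths, r.Vulns, r.MaxSeverity)
	}
}
```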