
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclip...

Results 31 steady issues

**Which entry point should I specify (Steady-CLI 3.2.5)?** I just tried specifying the main class in the pom, but it didn't work (vulas.reach.sourceDir = app). Also I tried just pointing to src...

Added unit tests to test updated Soot on a Java 17 compiled JAR #### `TODO`s - [x] Tests - [ ] Documentation

Updated soot version to 4.4.1 as the previously used (4.1.0) didn't support JDK 17.

**Is your feature request related to a problem? Please describe.** No. **Describe the solution you'd like** To publish the model `rest-lib-utils` to maven repository so it can be used as...

I used steady's maven scan by adding configuration in the project's pom file. In use, app and a2c program analysis can succeed and obtain results, but upload, instr, t2c, etc....

Hello, I want to know where the output result of `Static Analysis: Potential execution of vulnerable code` is. I can see the call chain on the front end, but I...

**Question** How to get potentially or actually executable vuln. code when scanning pom.xml, and where do I need to put the source code? **To Reproduce** Analyzed project: ch.qos.logback :...

**Describe the bug** Steady's vulnerability reports for the com.fasterxml.jackson.core:jackson-databind 2.0.0, 2.6.5, and 2.8.0 projects are completely identical. My objective is to analyze the vulnerabilities of the com.fasterxml.jackson.core:jackson-databind 2.0.0, 2.6.5, and...

Steady build method: [QuickStart](https://eclipse.github.io/steady/user/tutorials/) Question 1: View backend http://localhost:8033/bugs/ Found only 501 CVE entries, while there are 729 CVE entries in `kb-importer/data/.kaybee/repositories/github.com_ sap.project-kb_vulnerability-data/statements` and 731 CVE entries in `kb-importer/data/statements`. I suspect that...

**Describe the bug** When running mvn -Dsteady steady:report it throws an UnsupportedOperationException due to an invalid environment variable key __IMPORTANT__: please ensure that you do not refer to any **internal...