vulnerablecode
Better Documentation
https://github.com/nexB/vulnerablecode/pull/631 and https://github.com/nexB/vulnerablecode/pull/624 give basic documentation, but there is scope for improvement.
- [ ] Info about severity systems
- [ ] Info about version_api (githubtagsapi, etc) and time traveling
- [ ] Open a draft PR (preferably) or an issue when you start working on something so that the project direction is visible to everyone.
- [ ] runserver with --insecure or DEBUG=True in settings for UI
- [ ] Add this somewhere in readme: OWASP Top 10 2021 (https://owasp.org/Top10/) A06:2021-Vulnerable and Outdated Components was previously titled Using Components with Known Vulnerabilities and is #2 in the industry survey, but also had enough data to make the Top 10 via data analysis. This category moves up from #9 in 2017 and is a known issue that we struggle to test and assess risk. It is the only category not to have any CVEs mapped to the included CWEs, so a default exploit and impact weights of 5.0 are factored into their scores.