Oreen Livni

### Problem Statement Currently, every query in our query library is associated with a YAML file. This file outlines essential details like the query's function, parameters, references, etc. Additionally, we...

Validate if symlink edgecase still exist when indexing

1

``` if isinstance(obj, str): # TODO: This is a symlink. We should handle it. # Only examples at the moment are for https://github.com/edgedb/edgedb-pkg # E.g. https://github.com/edgedb/edgedb-pkg/blob/master/integration/linux/build/centos-8/action.yml logger.debug(f"[-] Symlink detected: {content}....

Add option to generate code excution commands/steps

1

This is supposed to be fuctinality added to report sub-command. After quering neo4j and finding vulnerable workflows or actions, it should print an explanation about the exploit, and how it...

Differentiate CompositeAction nodes by version

1

Currently, Composite Action nodes lack attached version information, which prevents us from querying for vulnerabilities that exist in specific versions. To address this, we should represent each version of a...

Support multi process in download

1

Currently, passing Config object arrives empty to the `index_workflow_file` function. This happens because processes use separate memory, we should pass the relevant config params to the function or use Manager.

## Problem Statement: We are aiming to improve the system by running the index and download logics in parallel. To achieve this, we need to implement a queueing mechanism that...

To preview the user the infected workflows and actions right away when you log in to neo4j without the need to copy queries from the ReadME