silinternational/vulnerability-scanner

Issues

• Add a way for it to find (and record) the PHP version used in Docker images not yet in the spreadsheet

  #54 opened 9 months ago by forevermatt
  0

• Also check JavaScript dependencies pulled in via Composer

  #53 opened 9 months ago by forevermatt
  0

• Document the values at the heart of this vulnerability scanner

  #45 opened 9 months ago by forevermatt
  0

• Warn about use of abandoned dependencies

  #52 opened 9 months ago by forevermatt
  0

• Check Dockerfiles for use of End-Of-Life (EOL) NodeJS version

  #42 opened 9 months ago by forevermatt
  1

• Enable configuring what (if any) severity of dev. dependency vulnerabilities to report

  #44 opened 9 months ago by forevermatt
  0

• Add automated code linter/formatter

  #29 opened 9 months ago by forevermatt
  0

• Improve CLI for scanning both GitHub and Bitbucket to use named CLI parameters

  #33 opened 9 months ago by forevermatt
  0

• Check OSV for vulnerabilities in the programming language itself (PHP, NodeJS, etc.)

  #40 opened 9 months ago by forevermatt
  0

• Add automated tests

  #27 opened 9 months ago by forevermatt
  1

• Use a static analysis tool or service

  #28 opened 9 months ago by forevermatt
  0

• If no composer.lock found, check for composer.json that requires vulnerable dependencies

  #10 opened 9 months ago by forevermatt
  0

• Enable connecting to a PR as a build check, to give a pass/fail response

  #15 opened 9 months ago by forevermatt
  0

• Allow running vulnerability-scanner on local repos

  #25 opened 9 months ago by jason-jackson
  0

• Check serverless.yml files for EOL'd versions of NodeJS

  #61 opened 9 months ago by forevermatt
  1

• Report Dockerfiles that appear to be running as root

  #70 opened 9 months ago by forevermatt
  2

• Language versions found in Dockerfiles aren't always accurate

  #81 opened 9 months ago by forevermatt
  1

• Check docker-compose.yml and codeship-services.yml images

  #85 opened 9 months ago by jason-jackson
  1

• Extract contents of `try` to separate method or methods (in `getSecurityVulnerabilitiesFor___Repo()` functions)

  #94 opened 9 months ago by forevermatt
  1

• Include (in the output) what file it found the vulnerability in

  #71 opened 2 years ago by forevermatt
  0

• Abort the run if a rate-limit error is hit

  #38 opened 3 years ago by forevermatt
  1

• Add a way to exclude archived Bitbucket repos

  #57 opened 3 years ago by forevermatt
  0

• Update the readme to show how to scan Bitbucket, too

  #39 opened 4 years ago by forevermatt
  1

• Check Dockerfiles for use of End-Of-Life (EOL) PHP Version

  #41 opened 4 years ago by forevermatt
  0

• Check for JavaScript vulnerabilities (not just PHP vulnerabilities)

  #24 opened 4 years ago by forevermatt
  0

• Check Bitbucket repos as well (not just GitHub repos)

  #23 opened 4 years ago by forevermatt
  0

• Exclude archived GitHub repos

  #20 opened 4 years ago by forevermatt
  0

• Include link a "more details" link about the vulnerability in the results/CSV

  #14 opened 4 years ago by forevermatt
  0