#1817  Step to scan open source dependencies to find vulnerabilities
Released
Robin Shen opened 1 month ago
No description
Robin Shen added to milestone "10.4.0" 1 month ago
Robin Shen changed title 1 month ago
Previous Value: Built-in dependency vulnerability scan
Current Value: Built-in vulnerability scan for open source dependencies
OneDev changed state to 'Closed' 1 month ago
Previous Value: Open
Current Value: Closed
OneDev commented 1 month ago

State changed as code fixing the issue is committed (1e5e638f)

bufferUnderrun commented 1 month ago

Very good feature!!

How will it work? Scanning specific files (i.e. packages.lock...)?

Robin Shen commented 1 month ago

Yes, it calls osv scanner to scan packages.lock and other files. Will write doc for this after 10.4 is released.

Robin Shen changed title 1 month ago
Previous Value: Built-in vulnerability scan for open source dependencies
Current Value: Step to scan open source dependencies to find vulnerabilities
OneDev changed state to 'Released' 3 weeks ago
Previous Value: Closed
Current Value: Released
OneDev commented 3 weeks ago

State changed as build #4853 is successful

Type
New Feature
Priority
Normal
Assignee
Labels
Enterprise Edition
Milestones
Issue Votes (0)
Watchers (2)
Reference
onedev/server#1817