Step to scan open source dependencies to find vulnerabilities (OD-1817)
Robin Shen opened 2 years ago
No description
  • Robin Shen added to iteration "10.4.0" 2 years ago
  • Robin Shen changed title 2 years ago
    Previous Value: Built-in dependency vulnerability scan
    Current Value: Built-in vulnerability scan for open source dependencies
  • OneDev changed state to 'Closed' 2 years ago
    Previous Value: Open
    Current Value: Closed
  • OneDev commented 2 years ago

    State changed as code fixing the issue is committed (1e5e638f)

  • bufferUnderrun commented 2 years ago

    Very good feature!!

    How will it work? Scanning specific files (i.e. packages.lock...)?

  • Robin Shen commented 2 years ago

    Yes, it calls osv scanner to scan packages.lock and other files. Will write doc for this after 10.4 is released.

  • Robin Shen changed title 2 years ago
    Previous Value: Built-in vulnerability scan for open source dependencies
    Current Value: Step to scan open source dependencies to find vulnerabilities
  • OneDev changed state to 'Released' 2 years ago
    Previous Value: Closed
    Current Value: Released
  • OneDev commented 2 years ago

    State changed as build #4853 is successful

Type: New Feature
Priority: Normal
Assignee
Labels
Enterprise Edition
Iterations
Reference: OD-1817