Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OWASP dependency check #193

Open
gnespolino opened this issue Oct 7, 2022 · 0 comments
Open

OWASP dependency check #193

gnespolino opened this issue Oct 7, 2022 · 0 comments

Comments

@gnespolino
Copy link

Expected: add owasp dependency check plugin to package.json

  "scripts": {
    ...
    "owasp": "owasp-dependency-check --project \"YOUR PROJECT NAME\" -f HTML JSON",
    ...
  },

Current output:

Dependency Vulnerability IDs Package Highest Severity CVE Count Confidence Evidence Count
async:0.2.10 cpe:2.3:a:async_project:async:0.2.10:::::::* pkg:npm/[email protected] HIGH 1 Highest 7
async:0.9.2 cpe:2.3:a:async_project:async:0.9.2:::::::* pkg:npm/[email protected] HIGH 1 Highest 7
async:1.5.2 cpe:2.3:a:async_project:async:1.5.2:::::::* pkg:npm/[email protected] HIGH 1 Highest 7
braces:0.1.5 cpe:2.3:a:braces_project:braces:0.1.5:::::::* pkg:npm/[email protected] MEDIUM 3 Highest 9
braces:1.8.5 cpe:2.3:a:braces_project:braces:1.8.5:::::::* pkg:npm/[email protected] MEDIUM 1 Highest 8
browserslist:1.7.7 cpe:2.3:a:browserslist_project:browserslist:1.7.7:::::::* pkg:npm/[email protected] MEDIUM 1 Highest 6
color-string:0.3.0 cpe:2.3:a:color-string_project:color-string:0.3.0:::::::* pkg:npm/[email protected] MEDIUM 2 Highest 6
debug:2.2.0 cpe:2.3:a:debug_project:debug:2.2.0:::::::* pkg:npm/[email protected] MEDIUM 1 Highest 6
debug:2.3.3 cpe:2.3:a:debug_project:debug:2.3.3:::::::* pkg:npm/[email protected] MEDIUM 2 Highest 6
engine.io:1.8.3 cpe:2.3:a:socket:engine.io:1.8.3:::::::* pkg:npm/[email protected] HIGH 2 Highest 7
faye-websocket:0.10.0 cpe:2.3:a:faye-websocket_project:faye-websocket:0.10.0:::::::* pkg:npm/[email protected] HIGH 1 Highest 8
getobject:0.1.0 cpe:2.3:a:getobject_project:getobject:0.1.0:::::::* pkg:npm/[email protected] CRITICAL 2 Highest 9
glob-parent:2.0.0   pkg:npm/[email protected] HIGH 2   8
grunt-cli:1.4.3 cpe:2.3:a:gruntcli_project:gruntcli:1.4.3:::::::* pkg:npm/[email protected] HIGH 1 Low 6
grunt-karma:2.0.0   pkg:npm/[email protected] HIGH 1   6
is-svg:2.1.0 cpe:2.3:a:is-svg_project:is-svg:2.1.0:::::::* pkg:npm/[email protected] HIGH 4 Highest 8
js-yaml:3.7.0 cpe:2.3:a:js-yaml_project:js-yaml:3.7.0:::::::* pkg:npm/[email protected] high 2 Highest 7
karma:1.7.1 cpe:2.3:a:karma_project:karma:1.7.1:::::::* pkg:npm/[email protected] MEDIUM 4 Highest 8
loader-utils:0.2.17   pkg:npm/[email protected] HIGH 1   6
loader-utils:1.4.0   pkg:npm/[email protected] HIGH 1   6
lodash:3.10.1 cpe:2.3:a:lodash:lodash:3.10.1:::::::* pkg:npm/[email protected] CRITICAL 14 Highest 7
log4js:0.6.38 cpe:2.3:a:log4js_project:log4js:0.6.38:::::::* pkg:npm/[email protected] MEDIUM 2 Highest 7
minimist:0.0.10 cpe:2.3:a:substack:minimist:0.0.10:::::::* pkg:npm/[email protected] CRITICAL 4 Highest 9
open:0.0.5   pkg:npm/[email protected] critical 1   8
parsejson:0.0.3 cpe:2.3:a:parsejson_project:parsejson:0.0.3:::::::* pkg:npm/[email protected] HIGH 2 Highest 7
postcss:5.2.18 cpe:2.3:a:postcss:postcss:5.2.18:::::::* pkg:npm/[email protected] HIGH 3 Highest 7
postcss:6.0.23 cpe:2.3:a:postcss:postcss:6.0.23:::::::* pkg:npm/[email protected] HIGH 2 Highest 7
serialize-javascript:1.9.1   pkg:npm/[email protected] high 4   8
shelljs:0.3.0 cpe:2.3:a:shelljs_project:shelljs:0.3.0:::::::* pkg:npm/[email protected] HIGH 3 Highest 7
simple-get:3.1.1 cpe:2.3:a:simple-get_project:simple-get:3.1.1:::::::* pkg:npm/[email protected] HIGH 1 Highest 10
socket.io-parser:2.3.1 cpe:2.3:a:socket:socket.io-parser:2.3.1:::::::* pkg:npm/[email protected] HIGH 2 Highest 5
socket.io:1.7.3 cpe:2.3:a:socket:socket.io:1.7.3:::::::* pkg:npm/[email protected] MEDIUM 2 Highest 5
ssri:5.3.0 cpe:2.3:a:ssri_project:ssri:5.3.0:::::::* pkg:npm/[email protected] HIGH 2 Highest 8
webpack-dev-server:1.16.5 cpe:2.3:a:webpack.js:webpack-dev-server:1.16.5:::::::* pkg:npm/[email protected] HIGH 2 Highest 7
ws:1.1.2 cpe:2.3:a:ws_project:ws:1.1.2:::::::* pkg:npm/[email protected] high 1 Highest 6
xmlhttprequest-ssl:1.5.3 cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:1.5.3:::::::* pkg:npm/[email protected] CRITICAL 3 Highest 7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant