# How to read the information of a given Commit

By **audit** we mean checking for vulnerabilities.

**bundle-audit.json**: This file contains audit information in JSON format

**report.txt**: In a text format it is described which vulnerabilities have been detected

**update-info.txt**: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.

**bundle-audit-time.txt**: contains timestamp of audit in ISO format

**git_tag**: The tag of the application/image/audit at the time audit

You will notice that bundle-audit-time.txt is changed whenever an audit is being done, while report.txt is only updated when actually there is something to be reported.


# What is being checked and how?

The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image.
Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.