cicd 0d885d8f51 commit by to_remotes 2025-04-07 12:08:01 +0200 from cicd 2025-04-07 12:08:01 +02:00
README.md commit by to_remotes 2024-02-06 12:28:02 +0100 from vmdevhw 2024-02-06 12:28:02 +01:00
bundle-audit-time.txt commit by to_remotes 2025-04-07 12:08:01 +0200 from cicd 2025-04-07 12:08:01 +02:00
bundle-audit.json commit by to_remotes 2025-04-07 12:08:01 +0200 from cicd 2025-04-07 12:08:01 +02:00
git_tag updated git_tag file with main_3.4.10-1743760865 2025-04-04 12:01:08 +0200 cicd 2025-04-04 12:01:08 +02:00
report.txt commit by to_remotes 2025-03-24 07:25:38 +0100 from cicd 2025-03-24 07:25:38 +01:00
update-info.txt commit by to_remotes 2025-03-31 10:02:12 +0200 from cicd 2025-03-31 10:02:12 +02:00

README.md

How to read the information of a given Commit

By audit we mean checking for vulnerabilities.

bundle-audit.json: Contains the audit information in JSON format.

report.txt: Describes, in text format, which vulnerabilities have been detected.

update-info.txt: Contains the date of the vulnerability database that was used to perform the checks.

bundle-audit-time.txt: Contains the timestamp of the audit in ISO format.

git_tag: The tag of the application/image/audit at the time of the audit.

You will notice that bundle-audit-time.txt changes whenever an audit is performed, while report.txt is only updated when there is actually something to report.

What is being checked and how?

The application being checked is Xalimo Teamplay, a Rails application provided as a Docker image. The basis for the check is the set of packages it uses (called gems). These are tested against a constantly updated database of known vulnerabilities.
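
Because report.txt only changes when there is something to report, an unchanged report is meaningful only if bundle-audit-time.txt shows a recent audit. The following is an added example, not part of this repository: it lists the findings in bundle-audit.json by severity and flags a stale audit. It assumes the JSON follows bundler-audit's `--format json` layout and that the timestamp is ISO 8601; all sample data is constructed.

```ruby
require "json"
require "time"

# Constructed sample inputs (not taken from this repository). The JSON layout
# is an assumption based on bundler-audit's `--format json` output.
SAMPLE_AUDIT_JSON = <<~JSON
  {"version": "0.0.0", "created_at": "2025-04-07 12:07:55 +0200",
   "results": [
     {"type": "unpatched_gem",
      "gem": {"name": "othergem", "version": "0.4.0"},
      "advisory": {"id": "EXAMPLE-0002", "title": "Constructed advisory 2",
                   "criticality": null, "patched_versions": []}},
     {"type": "unpatched_gem",
      "gem": {"name": "examplegem", "version": "1.2.3"},
      "advisory": {"id": "EXAMPLE-0001", "title": "Constructed advisory 1",
                   "criticality": "high", "patched_versions": [">= 1.2.4"]}}
   ]}
JSON
SAMPLE_AUDIT_TIME = "2025-04-07T12:08:01+02:00" # constructed

SEVERITY_ORDER = %w[critical high medium low none unknown].freeze

# Returns the vulnerable gems, most severe first. Advisories without a
# criticality are kept and labelled "unknown" rather than silently dropped.
def findings(json_text)
  results = JSON.parse(json_text).fetch("results", [])
  rows = results.select { |r| r["type"] == "unpatched_gem" }.map do |r|
    adv = r.fetch("advisory")
    { gem: r.dig("gem", "name"), version: r.dig("gem", "version"),
      id: adv["id"], severity: (adv["criticality"] || "unknown").downcase,
      fix: Array(adv["patched_versions"]) }
  end
  rows.sort_by { |f| [SEVERITY_ORDER.index(f[:severity]) || SEVERITY_ORDER.size, f[:gem]] }
end

# True when the last audit is older than max_age_hours (hypothetical threshold).
def audit_stale?(time_text, now:, max_age_hours: 48)
  (now - Time.iso8601(time_text.strip)) > max_age_hours * 3600
end

if __FILE__ == $PROGRAM_NAME
  findings(SAMPLE_AUDIT_JSON).each do |f|
    fix = f[:fix].empty? ? "no patched version listed" : f[:fix].join(", ")
    puts "#{f[:severity].upcase.ljust(8)} #{f[:gem]} #{f[:version]} #{f[:id]} (fix: #{fix})"
  end
  puts "WARNING: last audit is stale" if audit_stale?(SAMPLE_AUDIT_TIME, now: Time.now)
end
```

To use it on a real checkout, pass `File.read("bundle-audit.json")` and `File.read("bundle-audit-time.txt")` instead of the sample constants.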