Go to file

ag 44b4167ee5 commit by to_remotes 2024-01-23 13:16:08 +0100 from vmdevac		2024-01-23 13:16:08 +01:00
README.md	commit by to_remotes 2023-10-30 10:44:08 +0100 from vmdevhw	2023-10-30 10:44:08 +01:00
bundle-audit-time.txt	commit by to_remotes 2024-01-23 13:16:08 +0100 from vmdevac	2024-01-23 13:16:08 +01:00
bundle-audit.json	commit by to_remotes 2024-01-23 13:16:08 +0100 from vmdevac	2024-01-23 13:16:08 +01:00
git_tag	updated git_tag file with main_3.1.4 2024-01-23 11:11:24 +0100 vmdevac	2024-01-23 11:11:24 +01:00
report.txt	commit by to_remotes 2024-01-23 12:56:58 +0100 from vmdevac	2024-01-23 12:56:58 +01:00
update-info.txt	commit by to_remotes 2024-01-22 08:29:39 +0100 from vmdevac	2024-01-22 08:29:39 +01:00

README.md

How to read the information of a given Commit

By audit we mean checking for vulnerabilities.

bundle-audit.json: This file contains audit information in JSON format

report.txt: In a text format it is described which vulnerabilities have been detected

update-info.txt: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.

bundle-audit-time.txt: contains time stamp auf audit in ISO format

git_tag: The tag of the application/image/audit at the time audit

What is being checked and how?

The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image. Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.