wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki
3,044 Commits
1 Branch
1,329 Tags
3.9 MiB
Text 100%
 
Go to file
cicd 4960b2f887 updated git_tag file with RUBY VERSION=3.4.1 
main_3.1.0-1736248907 2025-01-07 12:21:50 +0100 cicd
 		2025-01-07 12:21:50 +01:00
README.md commit by to_remotes 2024-02-06 12:28:02 +0100 from vmdevhw 2024-02-06 12:28:02 +01:00
bundle-audit-time.txt commit by to_remotes 2025-01-07 12:14:32 +0100 from cicd 2025-01-07 12:14:32 +01:00
bundle-audit.json commit by to_remotes 2025-01-07 12:14:32 +0100 from cicd 2025-01-07 12:14:32 +01:00
git_tag updated git_tag file with RUBY VERSION=3.4.1 2025-01-07 12:21:50 +01:00
report.txt commit by to_remotes 2024-12-04 07:41:28 +0100 from cicd 2024-12-04 07:41:28 +01:00
update-info.txt commit by to_remotes 2025-01-07 08:33:05 +0100 from cicd 2025-01-07 08:33:05 +01:00

README.md

How to read the information of a given Commit

By audit we mean checking for vulnerabilities.

bundle-audit.json: This file contains audit information in JSON format

report.txt: In a text format it is described which vulnerabilities have been detected

update-info.txt: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.

bundle-audit-time.txt: contains timestamp of audit in ISO format

git_tag: The tag of the application/image/audit at the time audit

You will notice that bundle-audit-time.txt is changed whenever an audit is being done, while report.txt is only updated when actually there is something to be reported.

What is being checked and how?

The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image. Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.