22 lines
1006 B
Markdown
22 lines
1006 B
Markdown
# How to read the information of a given Commit
|
|
|
|
By **audit** we mean checking for vulnerabilities.
|
|
|
|
**bundle-audit.json**: This file contains audit information in JSON format
|
|
|
|
**report.txt**: In a text format it is described which vulnerabilities have been detected
|
|
|
|
**update-info.txt**: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.
|
|
|
|
**bundle-audit-time.txt**: contains timestamp of audit in ISO format
|
|
|
|
**git_tag**: The tag of the application/image/audit at the time audit
|
|
|
|
You will notice that bundle-audit-time.txt is changed whenever an audit is being done, while report.txt is only updated when actually there is something to be reported.
|
|
|
|
|
|
# What is being checked and how?
|
|
|
|
The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image.
|
|
Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.
|