Go to file

ag 68d7a3b34b commit by to_remotes 2023-12-06 08:09:44 +0100 from vmdevac		2023-12-06 08:09:44 +01:00
README.md	commit by to_remotes 2023-10-30 10:44:08 +0100 from vmdevhw	2023-10-30 10:44:08 +01:00
bundle-audit-time.txt	commit by to_remotes 2023-12-06 08:09:44 +0100 from vmdevac	2023-12-06 08:09:44 +01:00
bundle-audit.json	commit by to_remotes 2023-12-06 08:09:44 +0100 from vmdevac	2023-12-06 08:09:44 +01:00
git_tag	updated git_tag file with main_2.12.5 2023-12-05 14:33:12 +0100 vmdevac	2023-12-05 14:33:12 +01:00
report.txt	commit by to_remotes 2023-11-17 08:21:59 +0100 from vmdevac	2023-11-17 08:21:59 +01:00
update-info.txt	commit by to_remotes 2023-12-04 12:07:25 +0100 from vmdevac	2023-12-04 12:07:25 +01:00

README.md

How to read the information of a given Commit

By audit we mean checking for vulnerabilities.

bundle-audit.json: This file contains audit information in JSON format

report.txt: In a text format it is described which vulnerabilities have been detected

update-info.txt: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.

bundle-audit-time.txt: contains time stamp auf audit in ISO format

git_tag: The tag of the application/image/audit at the time audit

What is being checked and how?

The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image. Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.