Go to file

ag b7f25205c0 commit by to_remotes 2023-11-14 10:33:49 +0100 from vmdevac		2023-11-14 10:33:49 +01:00
README.md	commit by to_remotes 2023-10-30 10:44:08 +0100 from vmdevhw	2023-10-30 10:44:08 +01:00
bundle-audit-time.txt	commit by to_remotes 2023-11-14 10:33:49 +0100 from vmdevac	2023-11-14 10:33:49 +01:00
bundle-audit.json	commit by to_remotes 2023-11-14 10:33:49 +0100 from vmdevac	2023-11-14 10:33:49 +01:00
git_tag	updated git_tag file with 2.11.12 2023-11-13 12:45:53 +0100 vmdevac	2023-11-13 12:45:53 +01:00
report.txt	commit by to_remotes 2023-11-02 12:38:30 +0100 from vmdevac	2023-11-02 12:38:30 +01:00
update-info.txt	commit by to_remotes 2023-11-03 10:03:02 +0100 from vmdevac	2023-11-03 10:03:02 +01:00

README.md

How to read the information of a given Commit

By audit we mean checking for vulnerabilities.

bundle-audit.json: This file contains audit information in JSON format

report.txt: In a text format it is described which vulnerabilities have been detected

update-info.txt: Contains Information as of which date the vulnerabilities database is that has been used to perform the checks.

bundle-audit-time.txt: contains time stamp auf audit in ISO format

git_tag: The tag of the application/image/audit at the time audit

What is being checked and how?

The application being checked is Xalimo Teamplay which is a Rails application provided by a docker image. Basis for the check is the set of used packages (called Gems). These are being tested against a constantantly updated database of know vulnerabilities.