Hi,

 

We would like to ask opinions if people find it valuable to include a
cve-check-tool into the OpenStack continuous integration process? 

A tool can be run against the package and module dependencies of OpenStack
components and detect any CVEs (in future there are also plans to integrate
more functionality to the tool, such as scanning of other vulnerability
databases and etc.). It would not only provide fast detection of new
vulnerabilities that are being released for existing dependencies, but also
control that people are not introducing new vulnerable dependencies. 

 

The tool is located here: https://github.com/ikeydoherty/cve-check-tool

 

I am attaching an example of a very simple Python wrapper for the tool,
which is able to process formats like:
http://git.openstack.org/cgit/openstack/requirements/tree/upper-constraints.
txt

and an example of html output if you would be running it for the python
module requests 2.2.1 version (which is vulnerable to 3 CVEs). 

 

Best Regards,
Elena.

 

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to