Print vulnerability report at the end of the run
What does this MR do?
It prints a text report of the vulnerabilities the tool found at the end of its standard output.
Here is an example report:
Security vulnerabilities found :
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| Priority           | Tool               | Identifier         | URL                                                               |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| High               | brakeman           |                    | https://brakemanscanner.org/docs/warning_types/command_injection/ |
| Possible command injection                                                                                                       |
| In app/controllers/application_controller.rb line 5                                                                              |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| Unknown            | gemnasium          |                    | https://github.com/mishoo/UglifyJS2/issues/751                    |
| Backdooring via erroneous minifcation of boolean expression for uglifier                                                         |
| In Gemfile.lock                                                                                                                  |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| Unknown            | gemnasium          | CVE-2017-15412     | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412     |
| Denial of Service for nokogiri                                                                                                   |
| In Gemfile.lock                                                                                                                  |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| Unknown            | bundler_audit      | CVE-2017-15412     | https://github.com/sparklemotion/nokogiri/issues/1714             |
| Nokogiri gem, via libxml, is affected by DoS vulnerabilities                                                                     |
| In Gemfile.lock                                                                                                                  |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| Unknown            | bundler_audit      | 126747             | https://github.com/mishoo/UglifyJS2/issues/751                    |
| uglifier incorrectly handles non-boolean comparisons during minification                                                         |
| In Gemfile.lock                                                                                                                  |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
| 5 security vulnerabilities.                                                                                                      |
+--------------------+--------------------+--------------------+-------------------------------------------------------------------+
Why was this MR needed?
It's needed to offer people clicking a GitHub status URL a way to see the detected vulnerabilities.
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
What are the relevant issue numbers?
Closes #31
Edited by Gilbert Roulot
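One way to produce a report in the shape shown above from a list of scanner findings, as an added example (written in Python for illustration; it is not the MR's code nor the scanner's own implementation). The finding field names (priority, tool, identifier, url, message, file, line), the priority ranking used to order rows, and the two sample findings are assumptions made for this example.

```python
"""Render a plain-text vulnerability report like the one in the MR description.

Added example, not the MR's or the scanner's own code. The finding field names
(priority, tool, identifier, url, message, file, line), the priority ranking
and the sample findings below are assumptions made for illustration.
"""
from __future__ import annotations

from typing import Iterable

# Constructed sample findings, modelled on rows from the MR description.
SAMPLE_FINDINGS = [
    {
        "priority": "Unknown", "tool": "gemnasium", "identifier": "CVE-2017-15412",
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412",
        "message": "Denial of Service for nokogiri", "file": "Gemfile.lock", "line": None,
    },
    {
        "priority": "High", "tool": "brakeman", "identifier": "",
        "url": "https://brakemanscanner.org/docs/warning_types/command_injection/",
        "message": "Possible command injection",
        "file": "app/controllers/application_controller.rb", "line": 5,
    },
]

# Assumed severity ranking used to order rows; anything unrecognised sorts last.
PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Unknown": 4}
HEADERS = ("Priority", "Tool", "Identifier", "URL")
FIELDS = ("priority", "tool", "identifier", "url")


def sort_findings(findings: Iterable[dict]) -> list[dict]:
    """Return findings highest priority first so the most urgent rows appear on top."""
    return sorted(findings, key=lambda f: PRIORITY_ORDER.get(f["priority"], len(PRIORITY_ORDER)))


def location(finding: dict) -> str:
    """Format the affected file, with a line number when the scanner provides one."""
    if finding.get("line") is not None:
        return f"In {finding['file']} line {finding['line']}"
    return f"In {finding['file']}"


def render_report(findings: Iterable[dict]) -> str:
    """Render the ASCII table: a header row, then per finding a cell row, a
    full-width message row and a full-width location row, then a total line."""
    rows = sort_findings(findings)
    # Column width = widest value in the column plus one space of padding each side.
    widths = [max([len(h)] + [len(r[k]) for r in rows]) + 2 for h, k in zip(HEADERS, FIELDS)]
    inner = sum(widths) + len(widths) - 1  # characters between the outer bars
    rule = "+" + "+".join("-" * w for w in widths) + "+"

    def cells(values: Iterable[str]) -> str:
        # One padded cell per column, separated by bars.
        return "|" + "|".join(f" {v:<{w - 1}}" for v, w in zip(values, widths)) + "|"

    def span(text: str) -> str:
        # A row whose single cell spans the full table width.
        return f"| {text:<{inner - 1}}|"

    lines = ["Security vulnerabilities found :", rule, cells(HEADERS), rule]
    for f in rows:
        lines.append(cells(f[k] for k in FIELDS))
        lines.append(span(f["message"]))
        lines.append(span(location(f)))
        lines.append(rule)
    n = len(rows)
    lines.append(span(f"{n} security vulnerabilit{'y' if n == 1 else 'ies'}."))
    lines.append(rule)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_FINDINGS))
```

Column widths are derived from the content rather than fixed, so long URLs never overflow their cell, and rows are ordered by priority so a reader landing on the report from a status URL sees the most severe finding first; an empty finding list still renders a well-formed table with a zero total.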