Hi Adam,

Thank you for your suggestion! I will also send this proposal to 
openstack-security@.

I have previously attached the wrapper Python class to the email, but it seems 
that it didn't reach people. Let me try again (now in the form of an archive) and 
see if it goes through this time.

Best Regards,
Elena.

From: Adam Heczko [mailto:ahec...@mirantis.com] 
Sent: Monday, August 3, 2015 3:18 PM
To: OpenStack Development Mailing List (not for usage questions)
Cc: Heath, Constanza M; Ding, Jian-feng; Demeter, Michael; Bhandaru, Malini K
Subject: Re: [openstack-dev] Would people see a value in the cve-check-tool?

Hi Elena, the tool looks very interesting.

Maybe also try to spread this proposal through the openstack-security@ ML.

BTW, I can't find the wrapper mentioned - am I missing something?

Regards,

Adam

On Mon, Aug 3, 2015 at 11:08 PM, Reshetova, Elena <elena.reshet...@intel.com> wrote:

Hi,

We would like to ask whether people would find it valuable to include the 
cve-check-tool in the OpenStack continuous integration process.

The tool can be run against the package and module dependencies of OpenStack 
components and detect any CVEs (in future there are also plans to integrate 
more functionality into the tool, such as scanning of other vulnerability 
databases, etc.). It would not only provide fast detection of new 
vulnerabilities being released for existing dependencies, but also check that 
people are not introducing new vulnerable dependencies.

The tool is located here: https://github.com/ikeydoherty/cve-check-tool

I am attaching an example of a very simple Python wrapper for the tool, which 
is able to process formats like: 
http://git.openstack.org/cgit/openstack/requirements/tree/upper-constraints.txt

and an example of the HTML output you would get when running it for the Python 
module requests, version 2.2.1 (which is vulnerable to 3 CVEs).

Best Regards,
Elena.

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-- 
Adam Heczko
Security Engineer @ Mirantis Inc.

Attachment: wrapper.zipx
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature

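The two pieces of logic the proposal describes, as an added example that is neither the wrapper attached to this thread nor code from the cve-check-tool project: parsing the pins out of an upper-constraints.txt file, and isolating the pins that a change adds or bumps, which are the ones a CI gate would hand to the scanner so that new vulnerable dependencies are caught at review time. The sample constraints text is constructed. The `name,version` list format and the way the scanner is invoked are assumptions; check `cve-check-tool --help` for its real input format and flags before wiring this into a job.

```python
"""Parse OpenStack upper-constraints.txt pins and isolate what a change adds
or bumps, so a CI job can hand only those packages to a CVE scanner.

Added example: this is not the wrapper attached to the thread and not code
from cve-check-tool. Assumptions are marked in comments.
"""
import re
import subprocess

# Constructed sample in the upper-constraints.txt format:
# name===version, optional PEP 508 marker after ';', comments, blank lines.
SAMPLE_CONSTRAINTS = """\
# pinned by the requirements project
requests===2.2.1
six===1.9.0
PyYAML===3.11
futures===3.0.3;python_version=='2.7'

not a pin at all
"""

# name, '===', version; the version stops at whitespace, ';' (marker) or '#'.
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*===\s*([^\s;#]+)")


def parse_upper_constraints(text):
    """Return [(name, version), ...] in file order. Names are lower-cased
    so 'PyYAML' and 'pyyaml' compare equal; comments, blank and malformed
    lines are skipped rather than raising, because a gate should not fall
    over on a stray line (it would just fail open, silently)."""
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _PIN_RE.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def changed_pins(old_text, new_text):
    """Pins that a change introduces or bumps, as
    [(name, old_version_or_None, new_version), ...] sorted by name.
    Removed pins are not reported: nothing new can be scanned for them."""
    old = dict(parse_upper_constraints(old_text))
    new = dict(parse_upper_constraints(new_text))
    return sorted(
        (name, old.get(name), version)
        for name, version in new.items()
        if old.get(name) != version
    )


def to_scan_list(pins):
    """Render (name, version) pairs as one 'name,version' line each.
    Assumption: a list in this shape is what the scanner consumes; adapt
    it to whatever cve-check-tool actually expects."""
    return "".join(f"{name},{version}\n" for name, version in pins)


def run_scanner(list_path, tool="cve-check-tool"):
    """Invoke the scanner on a prepared list file and return its exit code.
    Assumption: the tool takes the list path as a positional argument;
    confirm the real flags with `cve-check-tool --help` before relying on
    this in CI."""
    return subprocess.run([tool, list_path], check=False).returncode


if __name__ == "__main__":
    # Constructed 'before' and 'after' versions of the constraints file,
    # as a review job would see them for a proposed change.
    before = "requests===2.2.1\nsix===1.9.0\n"
    after = "requests===2.7.0\nsix===1.9.0\noslo.config===2.1.0\n"
    delta = changed_pins(before, after)
    print(to_scan_list((name, version) for name, _, version in delta))
```

Scanning only the delta keeps the per-change job fast; a separate periodic job over the full file is still needed, since a CVE published after a pin was merged does not show up in any diff.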
