Stanley [mailto:fu...@yuggoth.org]
Sent: Wednesday, August 5, 2015 10:16 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Security] Would people see a value in the
cve-check-tool? (Reshetova, Elena)
On 2015-08-05 09:54:52 -0700 (-0700), Clint Byru
om: McPeak, Travis [mailto:travis.mcp...@hp.com]
Sent: Wednesday, August 5, 2015 6:15 AM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Security] Would people see a value in the
cve-check-tool? (Reshetova, Elena)
(Merging thread from security ML)
Bandit probably isn't the cor
> Arguably also 3. lots of CVEs which aren't applicable for some reason, so
> we likely need a means to whitelist those and filter them from the report.
cve-check-tool supports whitelisting and won't report the CVEs that have
been marked as "ignore". The temporal faux format that I am filling in the
see a value in the cve-check-tool?
Hi Elena, the tool looks very interesting.
Maybe try to spread out this proposal also through openstack-security@ ML.
BTW, I can't find the wrapper mentioned - am I missing something?
Regards,
Adam
On Mon, Aug 3, 2015 at 11:08 PM, Reshetova,
Hi,
We would like to ask opinions if people find it valuable to include a
cve-check-tool into the OpenStack continuous integration process?
A tool can be run against the package and module dependencies of OpenStack
components and detect any CVEs (in future there are also plans to integrate
mo