Comments (7)
Early look at the configuration for the Log:
{
  "WarnOnly": false,
  "Log": {
    "OutPut": "ReportedVulnerabilities.log",
    "LogLevel": 2,
    "RollingInterval": 0
  },
  "CheckTransitiveDependencies": true,
  "ErrorSettings": {
    "ErrorSeverityThreshold": 5,
    "CVSS3Threshold": -1,
    "IgnoredPackages": [
      {
        "Id": "NugetDefense",
        "Version": "1.0.8.0"
      }
    ],
    "IgnoredCvEs": []
  },
  "OssIndex": {
    "Enabled": true,
    "BreakIfCannotRun": true
  },
  "NVD": {
    "SelfUpdate": false,
    "TimeoutInSeconds": 15,
    "Enabled": true,
    "BreakIfCannotRun": true
  }
}
from nugetdefense.
Closing as I saw Gitter is the preferred way to ask questions.
from nugetdefense.
Reopening to track request.
from nugetdefense.
I'm using Serilog to allow defining one or more log files (and eventually other sinks).
@jwilliamson1 if you have any preference on format, let me know. I intend to make the template string for Serilog configurable eventually, but if you have a preference, I'll start with that. I'm aiming to have an early version of this out this weekend and then expand it more later on.
from nugetdefense.
Hi! Thanks for looking at this. We use this XML format that Trivy supplies. It uses a JUnit template. Something like that would be ideal, but any output is good.
https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/junit.tpl
from nugetdefense.
@jwilliamson1 Would either of these work for you:
I tried to vaguely follow the template you linked while at the same time getting something that should be "easily readable" and generic enough for general use. There are also separate logs in the latest build.
from nugetdefense.
A couple methods of doing this have been added in v1.0.8. Feel free to reopen this or comment if any other formats are required. I hope to get docs updated soon.
from nugetdefense.