[Openstack-security] Would people see a value in the cve-check-tool?

Reshetova, Elena elena.reshetova at intel.com
Tue Aug 4 17:01:57 UTC 2015


Hi,

Sorry for the double posting, I have got a recommendation to send this to
the security mailing list also and not to the dev one.

We would like to ask for opinions on whether people would find it valuable to
include the cve-check-tool in the OpenStack continuous integration process.

The tool can be run against the package and module dependencies of OpenStack
components and detect any CVEs (in the future there are also plans to integrate
more functionality into the tool, such as scanning of other vulnerability
databases, etc.). It would not only provide fast detection of new
vulnerabilities that are released for existing dependencies, but also
check that people are not introducing new vulnerable dependencies.

The tool is located here: https://github.com/ikeydoherty/cve-check-tool

I am attaching an example of a very simple Python wrapper for the tool,
which is able to process formats like:
http://git.openstack.org/cgit/openstack/requirements/tree/upper-constraints.txt

and an example of the HTML output you would get when running it for version
2.2.1 of the Python module requests (which is vulnerable to 3 CVEs).

Best Regards,
Elena.
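As an added illustration of the kind of wrapper the post describes (this is not
the attached CVECheckTool.py and does not invoke cve-check-tool itself), the
block below parses the upper-constraints.txt pin format, normalises package
names, matches each pin against a vulnerability table and renders an HTML
table, exiting non-zero so a CI job fails on any hit. The vulnerability table
is a hand-constructed snapshot rather than the tool's data feed: it lists the
three requests CVEs the post refers to, but the affected version ranges are
this example's assumption and should be checked against the NVD before use.

```python
import html
import re

# Constructed vulnerability snapshot for this example (not cve-check-tool's
# data feed). Entry: (CVE id, first affected version or None, first fixed
# version). The requests entries are the three CVEs the post refers to; the
# ranges are an assumption of this example, verify them against the NVD.
SAMPLE_DB = {
    "requests": [
        ("CVE-2014-1829", None, "2.3.0"),
        ("CVE-2014-1830", None, "2.3.0"),
        ("CVE-2015-2296", "2.1.0", "2.6.0"),
    ],
}

# Constructed excerpt in the upper-constraints.txt format (name===version),
# including a comment, a blank line and an environment marker.
SAMPLE_CONSTRAINTS = """\
# constructed sample, not the real OpenStack file
requests===2.2.1
six===1.9.0

PyYAML===3.11
futures===3.0.3;python_version=='2.7'
"""

# name, then '==' or '===', then the version up to whitespace or a ';' marker
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*={2,3}\s*([^\s;]+)")


def normalize_name(name):
    """PEP 503 normalisation so 'PyYAML' and 'pyyaml' hit the same DB key."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version):
    """Turn '2.2.1' into a comparable tuple; non-numeric parts sort first."""
    parts = []
    for piece in version.split("."):
        parts.append((1, int(piece)) if piece.isdigit() else (0, piece))
    return tuple(parts)


def parse_constraints(text):
    """Map normalised package name -> pinned version string."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        match = _PIN.match(line)
        if match:
            pins[normalize_name(match.group(1))] = match.group(2)
    return pins


def is_affected(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed (None = unbounded)."""
    v = parse_version(version)
    if first_affected is not None and v < parse_version(first_affected):
        return False
    return first_fixed is None or v < parse_version(first_fixed)


def find_cves(pins, db):
    """Return sorted (package, version, cve) triples for every vulnerable pin."""
    hits = []
    for name, version in pins.items():
        for cve, first_affected, first_fixed in db.get(name, []):
            if is_affected(version, first_affected, first_fixed):
                hits.append((name, version, cve))
    return sorted(hits)


def render_html(hits):
    """Minimal HTML report; values are escaped since names come from a file."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td><td>%s</td></tr>"
        % tuple(html.escape(field) for field in hit)
        for hit in hits)
    return ("<table><tr><th>package</th><th>version</th><th>CVE</th></tr>"
            "%s</table>" % rows)


if __name__ == "__main__":
    findings = find_cves(parse_constraints(SAMPLE_CONSTRAINTS), SAMPLE_DB)
    print(render_html(findings))
    # CI gate: non-zero exit fails the job when any pinned dependency has a CVE
    raise SystemExit(1 if findings else 0)
```

Run stand-alone it prints the HTML table for requests 2.2.1 and exits 1. A
real CI integration would replace SAMPLE_DB with the tool's output for the
pins and compare against a reviewed baseline, so that only newly introduced or
newly published CVEs fail the job.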

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20150804/bac955fc/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20150804/bac955fc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVECheckTool.py
Type: application/octet-stream
Size: 3858 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20150804/bac955fc/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVECheckToolTest.py
Type: application/octet-stream
Size: 180 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20150804/bac955fc/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7586 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20150804/bac955fc/attachment.bin>