[Openstack-security] Would people see a value in the cve-check-tool?

Timur Nurlygayanov tnurlygayanov at mirantis.com
Tue Aug 4 17:19:36 UTC 2015


Hi Elena,

I like the idea; probably we can prepare some scripts which will allow running
this tool for any OpenStack component, like it is done for the Bandit tool
[1].

[1] https://github.com/openstack/bandit

On Tue, Aug 4, 2015 at 8:01 PM, Reshetova, Elena <elena.reshetova at intel.com>
wrote:

> Hi,
>
>
>
> Sorry for the double posting, I have got a recommendation to send this to
> the security mailing list also and not to the dev one.
>
>
>
> We would like to ask for opinions on whether people find it valuable to
> include the cve-check-tool in the OpenStack continuous integration process.
>
> The tool can be run against the package and module dependencies of OpenStack
> components and detect any CVEs (in the future there are also plans to
> integrate more functionality into the tool, such as scanning of other
> vulnerability databases, etc.). It would not only provide fast detection of
> new vulnerabilities that are being released for existing dependencies, but
> also ensure that people are not introducing new vulnerable dependencies.
>
>
>
> The tool is located here: https://github.com/ikeydoherty/cve-check-tool
>
>
>
> I am attaching an example of a very simple Python wrapper for the tool,
> which is able to process formats like:
> http://git.openstack.org/cgit/openstack/requirements/tree/upper-constraints.txt
>
> and an example of the HTML output you would get by running it for the Python
> module requests, version 2.2.1 (which is vulnerable to 3 CVEs).
>
>
>
> Best Regards,
> Elena.
>
>
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>


-- 

Timur,
Senior QA Engineer
OpenStack Projects
Mirantis Inc
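As an added illustration (not Elena's attached wrapper, not cve-check-tool itself, and not part of the original thread), the following script shows the shape of the CI check being proposed: parse the `package===version` pins of an upper-constraints.txt file, compare each pin against a table of affected version ranges, and return a non-zero status when any pinned dependency falls inside a vulnerable range. The advisory table and the constraints excerpt are constructed for the example and carry no real CVE identifiers; a real wrapper would feed the parsed pins to cve-check-tool or another NVD-backed source instead of the inline list.

```python
"""Constructed example: gate a CI job on the pinned versions in an
OpenStack-style upper-constraints.txt.

This is illustration code, not the wrapper attached to the mailing-list post
and not cve-check-tool. ADVISORIES and SAMPLE_CONSTRAINTS are made up; the
"EXAMPLE-*" ids are placeholders, not CVE numbers.
"""
import re
import sys

# A pin line looks like `requests===2.2.1`, optionally followed by an
# environment marker such as `;python_version=='2.7'` or a `#` comment.
CONSTRAINT_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*===\s*([^\s;#]+)")

# Constructed advisory table: version range [introduced, fixed) is affected.
ADVISORIES = [
    {"id": "EXAMPLE-001", "product": "requests", "introduced": "0", "fixed": "2.3.0"},
    {"id": "EXAMPLE-002", "product": "requests", "introduced": "2.0.0", "fixed": "2.6.0"},
    {"id": "EXAMPLE-003", "product": "requests", "introduced": "2.2.0", "fixed": "2.2.2"},
    {"id": "EXAMPLE-004", "product": "oslo.config", "introduced": "1.0.0", "fixed": "1.2.0"},
]

# Constructed excerpt in the upper-constraints.txt format.
SAMPLE_CONSTRAINTS = """\
# pins as produced by the openstack/requirements project (constructed excerpt)
requests===2.2.1
oslo.config===1.4.0
six===1.9.0
futures===3.0.3;python_version=='2.7'
"""


def parse_constraints(text):
    """Return {normalized_name: version} for every `name===version` line.

    Names are lower-cased with '_' folded to '-', the usual pip normalization,
    so the advisory table and the constraints file agree on spelling.
    """
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = CONSTRAINT_RE.match(line)
        if not m:
            continue  # not a pin (e.g. a bare requirement); ignore it
        name, version = m.group(1), m.group(2)
        pins[name.lower().replace("_", "-")] = version
    return pins


def version_key(v):
    """Turn '2.2.1rc1' into a sortable tuple; a pre-release tag sorts below
    the bare number, so 2.2.1rc1 < 2.2.1 (a common source of false negatives
    when versions are compared as strings)."""
    key = []
    for part in v.split("."):
        m = re.match(r"(\d*)(.*)", part)
        num = int(m.group(1)) if m.group(1) else 0
        suffix = m.group(2)
        key.append((num, -1 if suffix else 0, suffix))
    return tuple(key)


def version_lt(a, b):
    """True if version a < version b; shorter versions are zero-padded so
    that 2.2 == 2.2.0 rather than sorting below it."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    pad = (0, 0, "")
    ka += (pad,) * (n - len(ka))
    kb += (pad,) * (n - len(kb))
    return ka < kb


def check(pins, advisories=ADVISORIES):
    """Return sorted (product, pinned_version, advisory_id) for every pin
    that lies inside an advisory's [introduced, fixed) range."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv["product"])
        if pinned is None:
            continue
        if not version_lt(pinned, adv["introduced"]) and version_lt(pinned, adv["fixed"]):
            findings.append((adv["product"], pinned, adv["id"]))
    return sorted(findings)


def ci_gate(text):
    """Exit status for a CI job: 0 when no pin is affected, 1 otherwise."""
    return 1 if check(parse_constraints(text)) else 0


if __name__ == "__main__":
    for product, pinned, adv_id in check(parse_constraints(SAMPLE_CONSTRAINTS)):
        print("%s===%s affected by %s" % (product, pinned, adv_id))
    sys.exit(ci_gate(SAMPLE_CONSTRAINTS))
```

Run against the constructed excerpt, the script reports the three placeholder advisories that cover requests 2.2.1, leaves oslo.config 1.4.0 alone because it is past the fixed version, and exits non-zero so a gate job would fail the change that introduced or kept the vulnerable pin.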

