Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/knqyf263/remic
Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/knqyf263/remic
- Owner: knqyf263
- License: mit
- Created: 2019-05-11T05:35:24.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-07-04T15:26:09.000Z (over 5 years ago)
- Last Synced: 2024-06-20T17:49:02.681Z (5 months ago)
- Language: Go
- Size: 34.2 KB
- Stars: 24
- Watchers: 4
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# remic
Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies

# Usage
```
$ remic -h
NAME:
  remic - A simple and fast tool for detecting vulnerabilities in application dependencies
USAGE:
  remic [options] file
VERSION:
  0.0.2
OPTIONS:
  --format value, -f value    format (table, json) (default: "table")
  --severity value, -s value  severity of vulnerabilities to be displayed (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
  --output value, -o value    output file name
  --exit-code value           Exit code when vulnerabilities were found (default: 0)
  --skip-update               skip db update
  --ignore-unfixed            display only fixed vulnerabilities
  --debug, -d                 debug mode
  --help, -h                  show help
  --version, -v               print the version
```

# Vulnerability Detection
## Application Dependencies

`Remic` automatically detects the following files in the container and scans the application dependencies they list for vulnerabilities.
- Gemfile.lock
- Pipfile.lock
- composer.lock
- package-lock.json
- yarn.lock
- Cargo.lock

The path of these files does not matter.
Example: https://npm.pkg.github.com/knqyf263/trivy-ci-test/blob/master/Dockerfile