This repository has been archived by the owner on Jun 9, 2022. It is now read-only.

Scan Hawkeye with Hawkeye #129

Open
wants to merge 2 commits into
base: master

bekh6ex (Contributor) commented Jul 12, 2019

Description

Do a self scan

Fixes #128

Type of change

  • New feature (non-breaking change which adds functionality)

Toolchain

  • Other

How Has This Been Tested?

Just run ./bin/hawkeye scan in hawkeyesec/scanner-cli project root

Test Configuration:

  • Toolchain: nodejs v11.6.0
  • SDK (incl. version):
  • OS version: MacOS

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

bekh6ex (Contributor, Author) commented Jul 12, 2019

Now it's failing:

module            level   code                           offender    description                                       mitigation                             
----------------  ------  -----------------------------  ----------  ------------------------------------------------  ---------------------------------------
node-npmoutdated  medium  node-npmoutdated-semver-2      semver      Module is one or more minor versions out of date  Upgrade to v6.2.0 (Current: v6.1.1)    
node-npmoutdated  medium  node-npmoutdated-superagent-2  superagent  Module is one or more minor versions out of date  Upgrade to v5.1.0 (Current: v5.0.5)    
node-npmoutdated  low     node-npmoutdated-lodash-3      lodash      Module is one or more patch versions out of date  Upgrade to v4.17.14 (Current: v4.17.11)

Need to figure out what would be the proper fix. Ideas?

bekh6ex (Contributor, Author) commented Jul 12, 2019

Looks like it would be nice to have minimal level per module configuration...

felixhammerl (Collaborator) commented

I will change this a bit in the sense that I'll have the check run as a nightly cron job, instead of every build. I do recommend this to teams, so it makes sense to have it here as well :)

For this, I'll modify the setup for the nightly OWASP update build to listen to another env variable so that they don't clash.
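
The per-module minimum level raised earlier in this thread can be sketched as a post-processing gate over the scan table. This is an added example, not code from the pull request or from Hawkeye; the `config` shape, the functions `parseFindings`, `gate` and `exitCode`, and the `example-module` row are assumptions made for illustration.

```javascript
// Hypothetical per-module gate; nothing here is Hawkeye's own API or config.
const LEVELS = ['low', 'medium', 'high', 'critical'];

// First five columns of the scan output quoted in this thread, plus one
// constructed row (example-module) for a module held to the default level.
const SCAN_OUTPUT = `
module            level   code                           offender    description
----------------  ------  -----------------------------  ----------  -----------
node-npmoutdated  medium  node-npmoutdated-semver-2      semver      Module is one or more minor versions out of date
node-npmoutdated  medium  node-npmoutdated-superagent-2  superagent  Module is one or more minor versions out of date
node-npmoutdated  low     node-npmoutdated-lodash-3      lodash      Module is one or more patch versions out of date
example-module    medium  example-module-1               example     Constructed finding
`;

// Parse the column-aligned table: columns are separated by two or more spaces.
function parseFindings(text) {
  const rows = text.split('\n').map((l) => l.trim()).filter((l) => l && !l.startsWith('-'));
  const header = rows.shift().split(/\s{2,}/);
  return rows.map((row) => {
    const cells = row.split(/\s{2,}/);
    return Object.fromEntries(header.map((name, i) => [name, cells[i]]));
  });
}

// Keep findings at or above their module's threshold. An unknown level or an
// unknown threshold keeps the finding (fail closed), so a typo never hides one.
function gate(findings, config) {
  const rank = (level) => LEVELS.indexOf(level);
  return findings.filter((f) => {
    const threshold = config.perModule[f.module] || config.defaultLevel;
    return rank(f.level) === -1 || rank(f.level) >= rank(threshold);
  });
}

// Exit code a CI step would use: non-zero when any finding still blocks.
function exitCode(findings, config) {
  return gate(findings, config).length > 0 ? 1 : 0;
}

// Hypothetical configuration: outdated-dependency findings block only at
// "high" and above; every other module still blocks at "low".
const config = { defaultLevel: 'low', perModule: { 'node-npmoutdated': 'high' } };

const blocking = gate(parseFindings(SCAN_OUTPUT), config);
console.log(blocking.map((f) => `${f.module} ${f.level} ${f.code}`));
```

With this configuration the three `node-npmoutdated` rows no longer block, while the constructed `example-module` finding still does.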
