[FEATURE]: Dependencies Security analysis (security-advisories) - Githubissues

ekino / v6y

Vitality is a tool crafted to maintain and optimize the health and performance of codebase and applications.

MIT License

4 stars 1 forks source link

[FEATURE]: Dependencies Security analysis (security-advisories) #33

Open helabenkhalfallah opened 4 days ago

helabenkhalfallah commented 4 days ago

✨ Description

🚀 Motivation

Dependencies Security analysis using GitHub Advisory Database:

In summary, the source of npm audit is the GitHub Advisory Database, 
which provides vulnerability information for npm packages. 
npm audit uses the Bulk Advisory Endpoint to fetch this data and applies CVSS scoring to determine the severity of vulnerabilities.

[ ] Extends DependenciesUtils to add dependencies security check based on REST API endpoints for security advisories
[ ] We can add new status here and here for insecure dependencies.
[ ] We can add the change here and use statusHelp to add more details.