pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Cannot find CVE in JSON output #578

Open cloudsreal opened 1 month ago

cloudsreal commented 1 month ago

Description

safety scan --output json

The output only contains dependencies and their vulnerabilities, without pointing out the CVEs they relate to.

"dependencies": [
  {
    "name": "pygments",
    "specifications": [
      {
        "raw": "Pygments==2.2.0",
        "vulnerabilities": {
          "known_vulnerabilities": [
            {
              "id": "50885",
              "ignored": null,
              "vulnerable_spec": ">=1.5,<2.7.4"
            },
            ...

What I Did

I hope the JSON will have more info like CVE and CVSS, or that you could recommend a method for finding the CVE by vulnerability ID.
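As an added example, not code from the Safety project or from anyone in this thread: a stdlib-only script that flattens the scan JSON shown above into one triage row per vulnerability id and checks the pinned version against `vulnerable_spec`. The sample report is constructed from the keys in the issue (the second entry and its id are made up), and the version comparison is a simplified one that handles dotted integer releases only, not PEP 440 pre-releases, `~=` or `===`.

```python
import json
import operator
import re

# Constructed sample of `safety scan --output json`, trimmed to the keys shown in
# the issue; the second vulnerability entry is made up to exercise `ignored`.
SAMPLE_REPORT = """{"dependencies": [{"name": "pygments", "specifications": [{
  "raw": "Pygments==2.2.0",
  "vulnerabilities": {"known_vulnerabilities": [
    {"id": "50885", "ignored": null, "vulnerable_spec": ">=1.5,<2.7.4"},
    {"id": "00000", "ignored": {"reason": "constructed"}, "vulnerable_spec": "<2.0"}
  ]}}]}]}"""

_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}


def version_tuple(text):
    """'2.7.4' -> (2, 7, 4): compare only the leading dotted release segment."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    parts = [int(p) for p in m.group(0).split(".")] if m else [0]
    while len(parts) > 1 and parts[-1] == 0:  # so '2.0' equals '2'
        parts.pop()
    return tuple(parts)


def version_in_spec(version, spec):
    """True if `version` satisfies every comma-separated clause of `spec`."""
    v = version_tuple(version)
    for clause in spec.split(","):
        m = re.match(r"(==|!=|>=|<=|>|<)\s*(\S+)$", clause.strip())
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        op, bound = m.groups()
        if not _OPS[op](v, version_tuple(bound)):
            return False
    return True


def flatten_findings(report_text, include_ignored=False):
    """One row per (package, pinned version, vulnerability id) in the report."""
    rows = []
    for dep in json.loads(report_text).get("dependencies", []):
        for spec in dep.get("specifications", []):
            raw = spec.get("raw", "")
            version = raw.split("==", 1)[1].strip() if "==" in raw else None
            for vuln in spec.get("vulnerabilities", {}).get("known_vulnerabilities", []):
                if vuln.get("ignored") and not include_ignored:
                    continue  # suppressed by policy; keep it out of the triage list
                rows.append({"package": dep["name"], "version": version,
                             "vuln_id": vuln["id"], "spec": vuln["vulnerable_spec"],
                             "affected": bool(version) and version_in_spec(version, vuln["vulnerable_spec"])})
    return rows
```

The `vuln_id` is the only key this output offers for looking the finding up elsewhere; no CVE or CVSS field is present, which is the point of this issue.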

github-actions[bot] commented 1 month ago

Hi @cloudsreal, thank you for opening this issue!

We appreciate your effort in reporting this. Our team will review it and get back to you soon. If you have any additional details or updates, feel free to add them to this issue.

Note: If this is a serious security issue that could impact the security of Safety CLI users, please email security@safetycli.com immediately.

Thank you for contributing to Safety CLI!