Supply chain security, as code.
Open-source CLI for tracking SCA vulnerability findings in your repository.
#DevSecOps #AppSec #SupplyChainSecurity #OpenSource
Web: https://vulnlog.dev
Documentation: https://vulnlog.dev/docs/
GitHub: https://github.com/vulnlog/vulnlog

This command was used to generate the above Cargo Audit suppression file:

vulnlog suppress vulnlog.yaml --reporter cargo-audit

Vulnlog 0.14.0 has been released. Highlights:

- Vulnlog now supports Cargo Audit native suppression file format.
- Install Vulnlog with a simple install script

https://vulnlog.dev/

#infosec #appsec #opensource

Vulnlog helps developer teams handle SCA vulnerability findings: document what's actually affected, plan fixes for upcoming releases, and share clear reports with peers and customers. Open source, all from YAML in your repo.
🔗 vulnlog.dev

Would you like to see an example?

Take a look at the Vulnlog HTML report for the Vulnlog project: https://vulnlog.dev/security-report.html


Vulnlog 0.13.0 is out, open-source vulnerability tracking in YAML, right in your repo.

What's new:
- `copy` command, propagate vulnerability entries between Vulnlog files, useful when maintaining multiple Vulnlog files
- Richer HTML reports, generation time, Vulnlog version, source filenames, applied filters and more
- New "dismissed" state, distinguishes entries closed without a fix from resolved ones
- `report` command can now write to STDOUT for CI pipelines
- New `vulnlogCopy` Gradle task

https://vulnlog.dev

Released Vulnlog version 0.12.0, an open-source CLI tool for supply chain security. Track SCA vulnerability findings in YAML, right in your repository. Generate suppression files for your scanners and HTML reports for your team.
https://vulnlog.dev
#infosec #appsec #opensource
Vulnlog - Track vulnerability findings in your repository

Vulnlog is an open-source CLI for supply chain security: track SCA vulnerability findings in your repository, document analysis and verdicts, and generate suppression files for your scanners.