Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot find CVE in JSON output #578

Open
cloudsreal opened this issue Aug 17, 2024 · 1 comment
Open

Cannot find CVE in JSON output #578

cloudsreal opened this issue Aug 17, 2024 · 1 comment

Comments

@cloudsreal
Copy link

cloudsreal commented Aug 17, 2024

  • safety version: Safety 3.2.5
  • Python version: Python 3.8
  • Operating System: MacOS

Description

 safety scan  --output json

The output results only contains dependencies and their vulnerabilities without pointing out CVE they relate.

"dependencies": [
                {
                  "name": "pygments",
                  "specifications": [
                    {
                      "raw": "Pygments==2.2.0",
                      "vulnerabilities": {
                        "known_vulnerabilities": [
                          {
                            "id": "50885",
                            "ignored": null,
                            "vulnerable_spec": ">=1.5,<2.7.4"
                          },
                          ...

What I Did

I hope JSON will have more info like CVE and CVSS, or you could recommend a method to find CVE by vulnerability ID to me.

Copy link

Hi @cloudsreal, thank you for opening this issue!

We appreciate your effort in reporting this. Our team will review it and get back to you soon.
If you have any additional details or updates, feel free to add them to this issue.

Note: If this is a serious security issue that could impact the security of Safety CLI users, please email [email protected] immediately.

Thank you for contributing to Safety CLI!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant