
vulnerability-scanners

Here are 195 public repositories matching this topic...

Varbin commented Feb 5, 2018

I'm using OpenNTPD instead of the default ntp on my FreeBSD server - when Lynis analyses the ntp settings it tries to query information with ntpq, which (to my knowledge) is not possible with OpenNTPD.

Lynis will slow down as ntpq takes a while to fail.

OS: FreeBSD 10.4
Lynis: 2.6.1 (768446e4)

[ Lynis 2.6.1 ]

####################################################################

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

  • Updated Feb 24, 2020
  • Python
computeralex92 commented Dec 29, 2019

In a server / client setup it would be great if Trivy would expose some metrics about the scans that happen with the central server.
Some useful metrics for my implementation:

  • Last DB Update (timestamp)
  • Last DB Update Attempt (timestamp)
  • Sum of Issues found
  • Sum of Issues found split up in SEVERITY
  • Sum of Issues found split up in sources (OS, Python, Node etc)

As Trivy is built to

charleswhchan commented May 26, 2019
  • safety version: 1.8.5
  • Python version: 3.6.7
  • Operating System: Ubuntu 18.04

Description

safety skips package(s) with --hash inside requirements.txt

$ cat requirements.txt
flask==0.12.1 --hash=sha256:6c3130c8927109a08225993e4e503de4ac4f2678678ae211b33b519c622a7242

What I Did

$ safety check -r requirements.txt
│ REPORT                                 
cwcromwell commented Jul 29, 2018

I did a basic line edit of the "Usage" section, but next it needs reorganization and more information.

Would anyone want to spend time on a call or two to help me understand some of the commands? Some of them aren't obvious to me from the command line help, so they might benefit from better explanation.

(I'll continue to work on this section, but having a technical expert to answer some of

strtdusty commented Sep 29, 2018

I believe that the process for scanning with clair-scanner is something like

  1. clair-scanner starts a local registry
  2. clair-scanner calls clair requesting a scan using the --IP parameter
  3. clair calls back to the public IP sent and pulls the image

I think this should really be called out in the readme as a major decision in determining if you should use the tool. I was evaluating this
