As an end user, you need to review the security vulnerabilities your project is exposed to while you work on your build configuration.
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed security flaws.
Security advisories issued by external vendors and package maintainers use CVE IDs to coordinate, prioritize and address these vulnerabilities.
To view a project’s vulnerability status, you can get a summary and a report for the current project using the state cve command.
Specifying the project is optional.
If omitted, it defaults to the current active project.
Run state cve to generate the top-level summary report of the current vulnerabilities by severity.
Run state cve report myOrg/myProject to receive a fully detailed report of a project’s security vulnerability status and the packages the vulnerabilities belong to.
Run state cve open <CVE ID> to get a detailed breakdown of a unique CVE ID in a browser.