Security Vulnerability Reports

As an end user, you need to review the security vulnerabilities your project is exposed to while you work on your build configuration.

Security Vulnerability Summary

CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed security flaws.

Security advisories issued by external vendors and package maintainers use CVE IDs to coordinate, prioritize, and address these vulnerabilities.

To view a project’s vulnerability status, use the state cve command to get a summary and a report for the project.

Specifying the project is optional.

If omitted, it defaults to the current active project.

  1. Run state cve to generate the top-level summary report of the current vulnerabilities by severity.

Security Vulnerability Report

  1. Run state cve report myOrg/myProject to receive a fully detailed report of the project’s security vulnerabilities and the packages they belong to.

View Security Vulnerability Details

  1. Run state cve open <CVE ID> to open a detailed breakdown of a specific CVE ID in a browser.

Further Information

  • State Tool Command Reference (../../state/commands#state-activate)