b31ngd3v's Blog

Week #5: Wrapping up stage 1

b31ngd3v
Published: 07/06/2023

What did I do this week?

This week, I've added test cases for the GitHub action and fixed a few bugs in the main repo.

What is coming up next?

In the next phase, I'll work on reported bugs.

Did I get stuck anywhere?

No, I didn't get stuck anywhere.

Week #4: Added available fixes

b31ngd3v
Published: 06/29/2023

What did I do this week?

This week, I added an extra parameter called available fix in the output.

What is coming up next?

In the next phase, I'll add tests for the action.

Did I get stuck anywhere?

No, I didn't get stuck anywhere.

Week #3: Automatic PR to update vulnerable version of a component

b31ngd3v
Published: 06/22/2023

What did I do this week?

This week, I was working on SARIF optimizations and automatic PRs, and also did a lot of refactoring.

What is coming up next?

In the next phase, I'll finish the automatic PR feature and work on the exclude_dir input option.

Did I get stuck anywhere?

No, I didn't get stuck anywhere.

Week #2: Adding Vulnerabilities to the security tab

b31ngd3v
Published: 06/15/2023

What did I do this week?

This week, I added a feature to the GitHub Action which will help add vulnerabilities to the security tab. Currently it generates a report with cve-bin-tool, extracts the vulnerabilities and generates a SARIF file.

What is coming up next?

In the next phase, I'll add support for language scanners.

Did I get stuck anywhere?

Yes, there was a problem with the tool, where it was not providing the root path of some vulnerable products in the HTML report, so I made a pull request addressing this issue.

Week #1: Creating Basic GitHub Action

b31ngd3v
Published: 06/08/2023

What did I do this week?

This week, I created the GitHub Action which will report vulnerabilities via the security tab, and will also give the download link of HTML and PDF scan reports if any vulnerabilities are found.

What is coming up next?

Currently, it doesn't show the vulnerabilities in the security tab and only provides HTML/PDF reports. In the next phase, it'll also provide information about the vulnerabilities in the security tab.

Did I get stuck anywhere?

Yes, at first I was trying to upload the files to GitHub Artifacts, but GitHub Artifacts doesn't provide a download link for the artifact, so after taking the help of my mentors we decided to use an open-source file hosting platform.