Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21226

Provide a extension security analyzer for Github API

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 15.6
    • Extension - Security
    • None
    • Unknown

    Description

      It could be interesting to provide an ExtensionSecurityAnalyzer based on Github API as it seems to be able to suffer from less limitations for xwiki-platform/rendering components.

      See https://forum.xwiki.org/t/source-of-cves-for-the-security-dashboard/12623/8?u=mleduc

      https://github.blog/changelog/2023-07-28-get-global-security-advisories-via-rest-api/

      curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  'https://api.github.com/advisories?ecosystem=maven&affects=org.xwiki.platform:xwiki-platform-livetable-ui@15.1'

      Attachments

        Activity

          People

            Unassigned Unassigned
            mleduc Manuel Leduc
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: