Detect and fix vulnerabilities (CVE) & misconfigurations (IaC) for your web application

Resources
Trivy
OWASP Web Application Security
Step-by-step guide (identify the problems and fix them on your local computer)
Install Trivy
After installing Trivy, verify the installation by running the following command; it should print Trivy's version information.
trivy --version
Scan the local projects
Navigate to the root of the target project (the directory containing your lockfile, such as yarn.lock or package-lock.json) and run the command below. Note that by default trivy fs scans for vulnerabilities and secrets only; to include the IaC misconfiguration checks (Dockerfile, Kubernetes, Terraform files) mentioned in the title, pass the --scanners vuln,misconfig option as well.
trivy fs .
Generated report example
Update, Patch, or Remove Vulnerable Packages
Focus on fixing Critical and High severity vulnerabilities first (the --severity CRITICAL,HIGH option limits the report to those). Many findings are in transitive dependencies you never installed directly, so use your package manager to find out why a package is present before deciding whether to upgrade, patch, or remove it.
For example,
yarn why @babel/traverse
Output
Note that @babel/traverse exists only because @babel/core depends on it; it is a transitive dependency, so upgrading it directly is not the right fix. Since our project still requires @babel/core, we upgraded @babel/core instead by running yarn add @babel/core -D, which resolves a newer @babel/core whose dependency range pulls in a patched @babel/traverse (check that yarn.lock actually changed and commit it). We then ran trivy fs . again to regenerate the report and confirm the finding was resolved. After upgrading @babel/core, the Critical problem is gone. If a package has no fixed version, or the upgrade would break the direct dependency that needs it, the remaining options are to replace or remove that dependency.