Dawnscanner: revive the project and create an RPM package
a project by pperego
Updated about 3 years ago. 1 hackers ♥️. 2 followers.

Project Description

Dawnscanner was a ruby code security static analyzer I created in 2013 and led until a couple of years ago. Unfortunately in my last two jobs, my focus was less on ruby code, so the project lost some traction.

Now it's time to revive the project, add some security checks and create an RPM package so it can be easily installed by our users.

Goal for this Hackweek

  • Solve issue 246: DONE
  • Solve issue 245: DONE
  • Solve issue 244: DONE
  • Marge branch kbrevampin_yaml in main and release version 2.0.0 with new KB 50% DONE: I decided not to release version 2.0.0 due some basic KB updating features
  • Move the KB in a separated repository: DONE
  • Working on a python script to parse NVD CVE information for ruby and rubygems to populate KB: DONE: 375 security checks added so far

Resources

Dawnscanner source code on GitHub Dawnscanner knowledge base repository is on GitHub

Join this project

Looking for hackers with the skills:

ruby rubygem staticanalysis security

This project is part of:

Hack Week 20

Activity

  • about 3 years ago: pperego added keyword "security" to this project.
  • about 3 years ago: wfrisch liked this project.
  • about 3 years ago: pperego started this project.
  • about 3 years ago: pperego added keyword "ruby" to this project.
  • about 3 years ago: pperego added keyword "rubygem" to this project.
  • about 3 years ago: pperego added keyword "staticanalysis" to this project.
  • about 3 years ago: pperego originated this project.


    • Comments

    • pperego
      about 3 years ago by pperego | Reply

      While working on the KB rebase, fetching data from NVD API, I suddenly realize I must change the way a vulnerable dependency must be handled. Instead of changing what is working right now, I'll add a new dependency check ruby class

    • pperego
      about 3 years ago by pperego | Reply

      I think I won't release 2.0.0 today, as the last day of my first #hackweek but I'm super proud of achieved those goals, and really thanks for SuSE for this great opportunity. The project is definitely live again

    Similar Projects

    Reduce the amount of TODOs for RuboCop in OBS by enavarro_suse

    Project Description

    The OBS project has a...

    Catalog/Online Store for a bakery in Rails 7 by gfilippetti

    [comment]: # (Please use the project descriptio...

    Dawnscanner: parsing a simple sinatra application by pperego

    [comment]: # (Please use the project descriptio...

    Modernize SCC Customer Management and/or Patchfinder by digitaltomm

    [comment]: # (Please use the project descriptio...

    Dawnscanner: parsing a simple sinatra application by pperego

    [comment]: # (Please use the project descriptio...

    Dawnscanner: parsing a simple sinatra application by pperego

    [comment]: # (Please use the project descriptio...

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...

    Port NeuVector zero-trust security functions to host/VM by feih

    Project Description

    Today, NeuVector on...

    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...