Resources
OWASP Web Application Security
Step-by-step guide (identify the problems and fix them on your local computer)
Install Trivy
After installing and running the command, you should see version information similar to the following
trivy --version
Scan the local projects
Navigate to the target project and run the command
trivy fs .
Generated report example
Update, Patch, or Remove Vulnerable Packages
Focus on fixing Critical and High severity vulnerabilities first.
Use package management tools to find out why a package is installed.
For example,
yarn why @babel/traverse
Output
Note that @babel/traverse exists because @babel/core depends on it. Since our project still requires @babel/core, we upgraded the @babel/core version by executing the command yarn add @babel/core -D, and executed trivy fs . to generate the report again to see if the security issue is resolved.
After upgrading @babel/core, the Critical problem is solved.
Top comments (0)