retire-js
There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development,but we need to stay up-to-date on security fixes. Using Components with Known Vulnerabilities is now a part of the OWASP Top 10 list of security risks and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.
Name:retire-js
Category:Static Code Analysis
Publisher:trickest
Created:6/23/2021
Container:
quay.io/trickest/retire:v4.3.4-patch-3Output Type:
License:Unknown
Source:View Source
Parameters
--extComma separated list of file extensions for JavaScript files. The default is js--pathFolder to scan for javascript files--proxyProxy url (http://some.host:8080)--cacertUse the specified certificate file to verify the peer used for fetching remote jsrepo/noderepo files--colorsEnable color output (console output only)--ignoreComma delimited list of paths to ignore--jsrepoLocal or internal version of repo. Can be multiple comma separated. Default: 'central')--nocacheDon't use local cache--verboseShow identified files (by default only vulnerable files are shown)--insecureEnable fetching remote jsrepo/noderepo files from hosts using an insecure or self-signed SSL (TLS) certificate--severitySpecify the bug severity level from which the process fails. Allowed levels none, low, medium, high, critical. Default: none--ignorefileCustom ignore file, defaults to .retireignore / .retireignore.json--includeOsvInclude OSV advisories in the output--outputformatValid formats: text, json, jsonsimple, depcheck (experimental), cyclonedx and cyclonedxJSON