dmd db generate advisories

dmd db generate advisories

Seed the database with known package advisories

Usage

advisories

Synopsis

Seed the database with known advisories about packages' security or maintenance posture.

This uses information available in the Open Source ecosystem about known unmaintained packages or packages that are marked as deprecated and provides a free-form field to specify some reasoning as to why the advisory is present, and any remediation steps if necessary.

This determines whether the packages you are using are running/approaching End Of Life (EOL) versions, through integration with:

This includes the generation of licensing information (to determine i.e. "how many packages use AGPL-3.0 licensed code") as well as Common Vulnerabilities and Exposures (CVE) information, and integrates with:

Note that this may lead to the leakage of package names to external systems, which may be seen as a privacy or security issue, which can be avoided by following the documentation in the Avoiding the leakage of sensitive package names cookbook (https://dmd.tanna.dev/cookbooks/avoiding-sensitive-package-names/)

Known issues:

Options

Flag (type) Usage Notes
-h, --help help for advisories
--no-progress prevent displaying progress of long-running tasks

Options inherited from parent commands

Flag (type) Usage Notes
--db (string) the path to the input/output database
--debug whether to enable debug logging