dmd db generate advisories
Seed the database with known package advisories
Usage
advisories
Synopsis
Seed the database with known advisories about packages' security or maintenance posture.
This uses information available in the Open Source ecosystem about packages that are known to be unmaintained or are marked as deprecated, and provides a free-form field for recording why the advisory is present and any remediation steps, where applicable.
It also determines whether the packages you are using are running, or approaching, End Of Life (EOL) versions, through integration with:
- EndOfLife.date (https://endoflife.date)
It also generates licensing information (to answer questions such as "how many packages use AGPL-3.0 licensed code?") and Common Vulnerabilities and Exposures (CVE) information, integrating with:
- deps.dev (https://deps.dev)
Note that this may leak package names to external systems, which may be seen as a privacy or security issue. This can be avoided by following the Avoiding the leakage of sensitive package names cookbook (https://dmd.tanna.dev/cookbooks/avoiding-sensitive-package-names/).
Known issues:
- Renovate data missing https://gitlab.com/tanna.dev/dependency-management-data/-/issues/77
Options
Flag (type) | Usage | Notes |
---|---|---|
-h, --help | help for advisories | |
--no-progress | prevent displaying progress of long-running tasks | |
Options inherited from parent commands
Flag (type) | Usage | Notes |
---|---|---|
--db (string) | the path to the input/output database | |
--debug | whether to enable debug logging | |
Related
dmd db generate
- Generate new data into the database