API not showing Security Vulnerabilities
Issue #382
resolved
I'm paying for the VersionEye service. The web interface shows vulnerabilities, however, the API does not show them using the /security endpoint. That endpoint doesn't show anything when trying different values for the language parameter.
Comments (9)
-
-
I'm thoroughly confused now as the package that is listed as vulnerable under the security tab npm concat-stream : 1.6.0 does not actually show up in the Dependencies list under the yarn.lock file. Checking the actual yarn file in the git repo does show this concat-stream package. But once again, API gives it a clean bill of health.
-
-
assigned issue to
Robert Reiz
-
assigned issue to
-
Can you please post here a link to your project? Or at least the name of your organisation?
-
@reiz: The name of the org is: fahmedquartethealthcom_orga. I want to prevent posting sensitive information in a public forum as much as possible. Hope you understand.
-
I'm using https://github.com/Sharpek/versioneye-slack so perhaps it's not you on the API side.
But I have yet to receive an email notification.
-
Correct me if I'm wrong. This is what I have figured out:
The key/value pair
"Security_Vulnerabilities": nulldoesn't mean much when it comes to Projects. However, it does make sense where parsing through the child_ids (using the /projects endpoint). The documentation could be better here unless I have grossly missed something. Let me know if my assessment is correct or if I'm doing something wrong.
-
@reiz Feel free to close this.
-
- changed status to resolved
I'm still not fully understand the problem. But if this is still an issue then send a email to support@versioneye.com.
- Log in to comment
Signed up for a bitbucket account. I am also not seeing any notifications on the notification screens nor did I receive any notifications in the mail. Are the security issues listed in red on the web-interface false positives?