Reporting and SCA
-
We have an application that included a package with a known vulnerability, but the report is telling us no vulnerabilities are detected. Please advise.
Microsoft.Rest.ClientRuntime@2.3.18
https://security.snyk.io/vuln/SNYK-DOTNET-MICROSOFTRESTCLIENTRUNTIME-5768475
https://nvd.nist.gov/vuln/detail/CVE-2022-26907
-
That vulnerability is in our database as PGV-2228003, and it shows up when I view that package:

If you can provide more details about what you mean by "the report is telling us no vulnerabilities are detected", I can investigate further.
Thanks,
Steve
-
This is what I see from an ASP.NET Web API project

Here is another scan, from a package in one of the feeds

-
Hi @rick-kramer_9238 ,
It looks like you're using ProGet 2023? That functionality was relatively new in that version and there is very possibly some kind of bug linking the two together.
We've since made some big improvements to SCA/compliance, so I would recommend upgrading. Many of the changes were in ProGet 2024:
https://docs.inedo.com/docs/proget-upgrade-2024#new-features-in-proget-2024
-- Dean