GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → RetireJS → grunt-retire

RetireJS / grunt-retire

Licence: other
Grunt plugin for retire.

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

securitygruntbuild-tooldependenciesvulnerability-detectionretirevulnerability-identification

Projects that are alternatives of or similar to grunt-retire

Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+2489.89%)
Mutual labels:  vulnerability-detection, vulnerability-identification
avain
A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-37.08%)
Mutual labels:  vulnerability-detection, vulnerability-identification
Sbt Dependency Graph
sbt plugin to create a dependency graph for your project
Stars: ✭ 1,223 (+1274.16%)
Mutual labels:  build-tool, dependencies
ShonyDanza
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-3.37%)
Mutual labels:  vulnerability-detection, vulnerability-identification
Dependencycheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Stars: ✭ 3,571 (+3912.36%)
Mutual labels:  build-tool, vulnerability-detection
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (+202.25%)
Mutual labels:  vulnerability-detection, vulnerability-identification
browserrecon-php
Advanced Web Browser Fingerprinting
Stars: ✭ 29 (-67.42%)
Mutual labels:  vulnerability-detection, vulnerability-identification
kbdashboard
Tool to configure, build and install multiple linux kernels.
Stars: ✭ 14 (-84.27%)
Mutual labels:  build-tool
gomajor
Go tool for major version upgrades
Stars: ✭ 58 (-34.83%)
Mutual labels:  dependencies
Xake
Another MAKE utility implementation on F#, fully declarative with no-brain parallelism, inspired by Shake
Stars: ✭ 24 (-73.03%)
Mutual labels:  build-tool
image-optimizer
Smart image optimization
Stars: ✭ 15 (-83.15%)
Mutual labels:  build-tool
freshli-lib
A tool for collecting historical metrics about a project's dependencies
Stars: ✭ 12 (-86.52%)
Mutual labels:  dependencies
jagen
A software engineer's workspace manager and build systems wrapper
Stars: ✭ 32 (-64.04%)
Mutual labels:  build-tool
presetter
🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
Stars: ✭ 61 (-31.46%)
Mutual labels:  build-tool
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-50.56%)
Mutual labels:  vulnerability-detection
rudebuild
A non-intrusive bulk/unity C++ build tool for Visual Studio
Stars: ✭ 16 (-82.02%)
Mutual labels:  build-tool
bob-build
Meta-build system using Blueprint and ninja
Stars: ✭ 24 (-73.03%)
Mutual labels:  build-tool
alfred
(v0.2) Even Batman needs a little help. Task runner. Automator. Build system.
Stars: ✭ 62 (-30.34%)
Mutual labels:  build-tool
cpan-audit
Check CPAN modules for known security vulnerabilities
Stars: ✭ 27 (-69.66%)
Mutual labels:  vulnerability-detection
Angular
web项目Demo,前端采用Angular+Grunt+bower+Requirejs+Bootstrap,后台使用SpringMVC框架
Stars: ✭ 16 (-82.02%)
Mutual labels:  grunt
View All Similar Projects ➔

grunt-retire

NPM version Retire Status

Grunt task for retire.js. Scanner detecting the use of JavaScript libraries with known vulnerabilities.

Getting Started

This plugin requires Grunt >=1.0.0. Version 0.3.12 is compatible with Grunt 0.4.

If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:

npm install grunt-retire --save-dev

Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:

grunt.loadNpmTasks('grunt-retire');

Retire task

Run this task with the grunt retire command.

This task primarily delegates to Retire, so please consider the Retire documentation as required reading for advanced configuration.

Task targets, files and options may be specified according to the grunt Configuring tasks guide.

Available options

Example configuration below shows default option values and the correct syntax to use if you want to override any of them. If no options are provided, the default values as shown below are used.

    retire: {
      js: ['app/src/*.js'], /** Which js-files to scan. **/
      node: ['node'], /** Which node directories to scan (containing package.json). **/
      options: {
         proxy: 'http://something.something:8080',
         verbose: true,
         packageOnly: true, 
         jsRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json',
         nodeRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json',
         outputFile: './retire-output.json',
         ignore: 'documents,java',
         /** list of files to ignore **/
         ignorefile: '.retireignore' //or '.retireignore.json'
      }
    }

proxy: url, proxy (supports basic auth).

verbose: true/false, default is true. More verbose output (grunt -d may also be used for even more debug output).

packageOnly: true/false, default is true. Only scan only dependencies in package.json, skip dependencies to dependencies.

jsRepository: String, default is https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json. JSON file which specifies where to retrieve Javascript vulnerability database.

nodeRepository: String, default is https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json. JSON file which specifies where to retrieve Node vulnerability database.

outputFile: String, default is false. Path to creation of output file report in JSON format.

ignore: String, default is empty. Paths to ignore when scanning for JavaScript files.

Scan javascript files only

    retire: {
      js: ['app/src/*'], /** Scan js-files in app/src/ directory and subdirectories. **/
      options: {
      }
    }

Running grunt retire will scan files in app/src/ for vulnerable libraries. If file sources for both node and js are specified, scanning js only is possible using retire:js

Scan node dependencies example

    retire: {
      node: ['module/'], /** Scan node project in directory module/. Should be ['.'] for normal projects **/
      options: {
      }
    }

Running grunt retire will scan all dependencies specified under dependencies in package.json for vulnerable libraries. If file sources for both node and js are specified, scanning node only is possible using retire:node

Example output with one vulnerability found in jquery-1.6.js:

➜  grunt-retire git:(master) ✗ grunt retire
Running "retire:jsPath" (retire) task
JS repository loaded from: https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json
>> test-files/jquery-1.6.js
>> ↳ jquery 1.6 has known vulnerabilities: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
Node repository loaded from: https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json

Example output when no vulnerabilities are found

➜  grunt-retire git:(master) ✗ grunt retire
Running "retire:jsPath" (retire) task
JS repository loaded from: https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json
Node repository loaded from: https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json
No vulnerabilities found.

Done, without errors.

Release History

  • 2020-04-28 1.0.9 Upgrade vulnerable dependencies :)
  • 2019-04-15 1.0.8 Upgrade to latest version of retire.js
  • 2017-02-03   1.0.7 Added .npmignore so we don't publish test-files directory.
  • 2016-12-13   1.0.6 Added [email protected] as a dependency so we are compatible with [email protected].
  • 2016-11-29   1.0.5 Removed dependency request in package.json. Moved repository from bekk to RetireJS.
  • 2016-09-02   1.0.3 Compatible again with Node 0.10.x. v1.0.2 broke compatibility because of find().
  • 2016-08-29   1.0.2 Uses retire 1.2.x, which supports ignoring specific vulnerabilities through .retireignore.json.
  • 2016-05-31   1.0.0 Upgraded dependency for Grunt to 1.0.0 to get remove graceful-js warning. Requires Grunt 1.0.x or newer.
  • 2016-02-22   0.3.12 Added support for Grunt 1.0.0.
  • 2016-02-12   0.3.11   Upgraded dependencies.
  • 2013-11-12   0.1.15   Upgrading dependencies. Proxy support.
  • 2013-10-30   0.1.12   Upgrade to retire v0.1.12. js and node defined as targets.
  • 2013-10-30   0.1.0   First version.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].