It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts:

• Expired or soon to expire passwords (passwd -e)
• Locked accounts (passwd -S )
• Expired accounts (chage -E / chage -l )

In a server / client setup it would be great if Trivy would expose some metrics about the scans happen with the central server.
Some useful metrics for my implementation:

• Last DB Update (timestamp)
• Last DB Update Attempt (timestamp)
• Sum of Issues found
• Sum of Issues found splited up in SEVERITY
• Sum of Issues found splited up in sources (OS, Python, Node etc)

As Trivy is build to

Thank you for this project!

I have been struggling to work out how best to configure a CI for using DependencyCheck.

For example, I'd like to use the caching feature of GitHub actions with DependencyCheck to avoid redownloading all the CVEs on each build.

1. Is there a shared cache I can refer to?
2. If not; what's the "right" way to set up a shared cache for my project?

Ideally, this

Description

When we have an automatic email reports configuration and there are no alerts to be reported that day (e.g the rule or group of rules that we have configured in reports have not triggered during the day), the report will not be sent.

This is not good behavior because it can lead the user to think that the automatic reports are not working.

Let's also say that I have to sen

(This old idea popped up to my mind while discussing #219.)

To be both consistent and more intuitive, etc/plugins.txt should be rename etc/plugins.ini.

*.ini or *.conf carry a meaning, whereas *.txt is not. Since the base of cve-search uses *.ini , let's stick to that. Python configparser documentation also refer to "INI fi

The database is saved to and used from the current directory versus somewhere better like ~/.vfeed/. This hampers several things, but most notably putting a symlink somewhere in my path to be able to call/use vfeedcli.py from any directory (cd ~/bin; ln -s path/to/vFeed/vfeedcli.py vfeed) like a system-wide command.

Btw, I have a patch for this already and will sent a PR shortly.

I would love to see a short section about the error codes of check.

Black (under Command line options) does that and it helped me a lot:

--check                     Don't write the files back, just return the
                              status.  Return code 0 means nothing would
                              change.  Return code 1 means some fi

Say, if you leave the web page unattended for awhile and it logs off by timeout, you won't notice anything, except that UI stops working for no apparent reason

https://docs.dependencytrack.org/integrations/badges/

Current Behavior:

You need to hardcode version (or UUID - which changes by version (!)) in the url for the badge - it would be more convenient to have an url for latest version.

Proposed Behavior:

Just point at name and get semver latest version (or latest scanned version) - this way the url can be stable in READMEs etc.

I think that you are doing a very necessary system and your idea is cool, but at the moment it has a lot of bugs. From what I noticed, the assets do not understand the ascii characters and the system crashes. In addition, I did not find a description of the API, I would like to integrate your system into TheHive, or rather make it possible to view information about an asset in TheHive. I believe t

Hi team,

I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
It is due the fields providerName and channel aren't correct.

https://github.com/wazuh/wazuh-ruleset/blob/725a0155cfde0a849729d9d174f03e1453e31242/rules/0610-win-ms_logs_rules.xml#L37-L63

To match rules 63103, 63104 and 63105, the logs must have matched before rules `60