Version: 6.4.0

Vulnerability scanner

warning

Vulnerability scanner is a paid add-on available in our Marketplace - Buy YetiForce Vulnerabilities

The tool checks whether any of the external libraries used by the system have known vulnerabilities and therefore need to be updated or removed. The functionality requires an internet connection because it sends the contents of composer.lock (the exact list of installed packages and their pinned versions) to an external service. In the current version the built-in mechanism connects to the dedicated YetiForce Security service (https://security.yetiforce.com).

Description

The vulnerability detector currently checks the following against the public CVE database:

  • a subset of the external libraries used by the system (e.g. libraries written in PHP),
  • vulnerabilities in the installed version of PHP,
  • vulnerabilities in the web server (Apache, Nginx),
  • vulnerabilities in server-side libraries (currently OpenSSL),
  • vulnerabilities in the SQL engine (MySQL, MariaDB).

Ultimately, the system will be able to verify all external libraries regardless of technology. We also plan to detect vulnerabilities in applications installed on the server, e.g. IMAP, PGP, etc.

Even though the application can only verify some libraries by default, the vendor checks all libraries for vulnerabilities using tools such as https://snyk.io/, https://depfu.com/, https://blackducksoftware.com/, https://david-dm.org/, https://sonarcloud.io/ and many other applications.

vulnerability-1.jpg

vulnerability-2.jpg

If no vulnerabilities were found, the following message will be displayed:

vulnerability-3.jpg

YetiForce Security Dependency Check

The security.yetiforce.com vulnerability detection mechanism is based on the FriendsOfPHP security-advisories database (https://github.com/FriendsOfPHP/security-advisories), a community-maintained list of known vulnerabilities in PHP packages that records the affected version ranges for each package and the CVE identifier where one has been assigned.
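The check described in the two paragraphs above (the tool sends composer.lock to the service, and the service matches the pinned packages against per-branch affected version ranges) can be reproduced offline. The script below is an added example, not YetiForce code and not the implementation of the security.yetiforce.com service: it assumes the field layout of a FriendsOfPHP advisory (reference, cve, branches -> versions) and the "packages" / "packages-dev" sections of composer.lock, but the lock file and advisories are constructed sample data with made-up package names and no CVE identifiers. Version matching is deliberately simpler than Composer's own constraint grammar (only comparison operators, no wildcards or tilde/caret ranges), and it treats a pre-release of the fixed version as still vulnerable, while packages pinned to a branch alias such as dev-main are reported for manual review instead of being silently skipped.

```python
import json
import re

# Constructed composer.lock excerpt: only "name" and "version" are needed.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "acme/mailer", "version": "v2.3.1"},
        {"name": "acme/http-kernel", "version": "4.4.10"},
    ],
    "packages-dev": [
        {"name": "acme/test-utils", "version": "1.0.0"},
    ],
})

# Constructed advisories using the FriendsOfPHP field names
# (reference, cve, branches -> versions). "cve" is None where no id exists;
# these are sample entries, not real advisories.
SAMPLE_ADVISORIES = [
    {
        "title": "Header injection in acme/mailer",
        "cve": None,
        "reference": "composer://acme/mailer",
        "branches": {
            "2.3.x": {"versions": [">=2.3.0", "<2.3.4"]},
            "2.4.x": {"versions": [">=2.4.0", "<2.4.2"]},
        },
    },
    {
        "title": "Path traversal in acme/http-kernel",
        "cve": None,
        "reference": "composer://acme/http-kernel",
        "branches": {"4.4.x": {"versions": [">=4.4.0", "<4.4.10"]}},
    },
]

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
_CONSTRAINT_RE = re.compile(r"^\s*(>=|<=|==|!=|>|<|=)?\s*(\S+)\s*$")
_OPS = {
    ">=": lambda c: c >= 0, "<=": lambda c: c <= 0, ">": lambda c: c > 0,
    "<": lambda c: c < 0, "=": lambda c: c == 0, "==": lambda c: c == 0,
    "!=": lambda c: c != 0,
}


def version_key(version):
    """Split 'v2.3.4-RC1' into ((2, 3, 4), -1); None for 'dev-main' etc.

    A pre-release suffix sorts below the final release (-1 < 0), so a
    release candidate of the fixed version still falls inside '<2.3.4'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return numbers, (-1 if m.group(2) else 0)


def compare_versions(a, b):
    """Return -1, 0 or 1; '2.3' and '2.3.0' compare equal."""
    (na, pa), (nb, pb) = version_key(a), version_key(b)
    width = max(len(na), len(nb))
    ka = na + (0,) * (width - len(na)) + (pa,)
    kb = nb + (0,) * (width - len(nb)) + (pb,)
    return (ka > kb) - (ka < kb)


def satisfies(version, constraint):
    """True if version meets one constraint such as '>=2.3.0' or '<2.3.4'."""
    op, target = _CONSTRAINT_RE.match(constraint).groups()
    return _OPS[op or "="](compare_versions(version, target))


def _finding(adv, name, version, branch, confirmed):
    return {"package": name, "version": version, "branch": branch,
            "cve": adv["cve"], "title": adv["title"], "confirmed": confirmed}


def find_vulnerable(lock_json, advisories, include_dev=True):
    """Return one finding per advisory that matches an installed package."""
    lock = json.loads(lock_json)
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    installed = {p["name"]: p["version"]
                 for s in sections for p in lock.get(s, [])}
    findings = []
    for adv in advisories:
        name = adv["reference"].split("composer://", 1)[-1]
        if name not in installed:
            continue
        version = installed[name]
        if version_key(version) is None:
            # Branch aliases (dev-main, dev-master) carry no comparable
            # number: surface them for manual review, never pass silently.
            findings.append(_finding(adv, name, version, None, False))
            continue
        for branch, info in adv["branches"].items():
            if all(satisfies(version, c) for c in info["versions"]):
                findings.append(_finding(adv, name, version, branch, True))
                break
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(SAMPLE_COMPOSER_LOCK, SAMPLE_ADVISORIES):
        status = "VULNERABLE" if f["confirmed"] else "REVIEW"
        print(f"{status}: {f['package']} {f['version']} "
              f"({f['cve'] or 'no CVE'}) {f['title']}")
```

On the sample data only acme/mailer v2.3.1 is reported (it sits inside the 2.3.x range), while acme/http-kernel 4.4.10 is exactly the first fixed version and passes. To run this against a real installation, load the actual composer.lock from the YetiForce root and convert the FriendsOfPHP YAML files into the dictionary layout shown above; the "cve" field is then populated from the feed wherever an identifier has been assigned.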

System Warnings

Vulnerability detection is also performed in the System warnings panel: the system regularly checks for security gaps and informs administrators about any potential threats that need to be dealt with.

vulnerability-4.jpg