Warning about possible vulnerable components based on CVE (Common Vulnerabilities and Exposures)
360 Views · 3 Comments · Status: New · Architecture & Governance

Based on the public CVE database, OutSystems Studio could notify you when a component, library or other external item has a public CVE (Common Vulnerabilities and Exposures).


Example: I found a JavaScript library that allows you to upload and manipulate images, and I implemented it in my OutSystems application.

But I didn't know that the version of this library I implemented was publicly known to be vulnerable.


So, just as Studio today shows some warnings during development, and now that it uses AI, it would be interesting for the platform to somehow visually show that the version of the library I implemented has a CVE (Common Vulnerabilities and Exposures).


This would increase the level of security and help developers or projects that do not have a security team to validate or do pentesting.


Imagine a warning appears in Studio: Component XYZ has a CVE registered in this version.


:)

Merged this idea with 'Automatically search for vulnerable and outdated components (OWASP A06:2021)' (created on 22 Jan 2024 12:31:45 by Remco Dekkinga)

The system should do automatic static code analysis and validation on JavaScript libraries used in modules, where they are validated against available lists of known vulnerabilities in public JavaScript libraries.

It shouldn't matter at which point in time. Whether it is done during publishing, periodically by AI Mentor Studio, or when published to the Forge.

For example: OWASP Dependency-Check (OWASP Foundation)
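Both the original idea (warn in Studio when an implemented library version has a CVE) and the merged idea (validate the JavaScript libraries of a module against public vulnerability lists) come down to one check: compare an inventory of component names and versions against advisory records that say which version ranges are affected. The example below is added here to show that check in plain Node.js; it is not OutSystems code and not OWASP Dependency-Check. It assumes advisories in the OSV style ("introduced"/"fixed" version events per package); the advisory entries, CVE ids (placeholders, not real entries), component names and versions are all constructed for the example.

```javascript
// Added example (not OutSystems or OWASP Dependency-Check code): match an
// inventory of front-end components against an OSV-style advisory list and
// produce the kind of warning the idea asks for. Advisory data, CVE ids and
// component names below are constructed placeholders.

// Parse "major.minor.patch" into three numbers; missing or non-numeric parts
// count as 0, so "1.3" and "v1.3.0" compare equal.
function parseVersion(v) {
  return String(v).replace(/^v/, '').split('.').slice(0, 3)
    .map(p => parseInt(p, 10) || 0)
    .concat([0, 0, 0]).slice(0, 3);
}

// Numeric comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// OSV-style events: a version is affected when it is >= "introduced" and,
// if a "fixed" event exists, strictly < "fixed" (the fixed release is clean).
function isAffected(version, events) {
  let introduced = null, fixed = null;
  for (const e of events) {
    if ('introduced' in e) introduced = e.introduced;
    if ('fixed' in e) fixed = e.fixed;
  }
  if (introduced === null) return false;
  if (compareVersions(version, introduced) < 0) return false;
  if (fixed !== null && compareVersions(version, fixed) >= 0) return false;
  return true;
}

// Constructed advisory list. The ids are placeholders, not real CVE entries.
const ADVISORIES = [
  {
    id: 'CVE-0000-00001',
    summary: 'Image upload library accepts arbitrary file types',
    affected: [{ package: 'image-uploader-lib',
                 ranges: [{ type: 'SEMVER', events: [{ introduced: '1.0.0' }, { fixed: '1.4.2' }] }] }]
  },
  {
    id: 'CVE-0000-00002',
    summary: 'Chart widget: prototype pollution in options merge',
    affected: [{ package: 'chart-widget',
                 ranges: [{ type: 'SEMVER', events: [{ introduced: '0' }, { fixed: '3.0.0' }] }] }]
  },
];

// One warning object per (component, advisory) hit, in inventory order.
function findVulnerableComponents(components, advisories = ADVISORIES) {
  const warnings = [];
  for (const c of components) {
    for (const adv of advisories) {
      for (const a of adv.affected) {
        if (a.package !== c.name) continue;
        if (a.ranges.some(r => isAffected(c.version, r.events))) {
          warnings.push({
            component: c.name,
            version: c.version,
            cve: adv.id,
            message: `Component ${c.name} ${c.version} has a CVE registered in this version: ${adv.id} (${adv.summary})`,
          });
        }
      }
    }
  }
  return warnings;
}

// Constructed inventory, standing in for the JavaScript resources of a module.
const SAMPLE_COMPONENTS = [
  { name: 'image-uploader-lib', version: '1.3.0' },  // inside the affected range
  { name: 'image-uploader-lib', version: '1.4.2' },  // exactly the fixed release
  { name: 'chart-widget', version: '2.9.1' },        // below the fix
  { name: 'date-picker', version: '5.0.0' },         // no advisory at all
];

for (const w of findVulnerableComponents(SAMPLE_COMPONENTS)) {
  console.log(w.message);
}
```

Running it prints two warnings (the 1.3.0 uploader and the 2.9.1 chart widget); the 1.4.2 uploader is silent because the fixed version itself is not in the affected range. The hard part a real tool such as Dependency-Check has to solve, and this example skips, is producing the inventory in the first place: recognising which library and which version a bundled or minified JavaScript resource actually contains before it can be matched.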

Is this similar (maybe it can be merged)?