There is no easier way to do that? I don't have access to all of the source code and I would hate to manage the custom code changes.
Thank you
I tried working on this for several days. Can we make this a priority, as it is a big issue for us as well?
I was literally going to post about this issue as well. I haven't figured out any good solution either. But would love to hear of a good solution to this.
That isn't going to find package level vulnerabilities. Completely different. Also, for code vulnerabilities, OWASP could catch a lot of those. But SonarCloud will find them much quicker and will point directly to the code that is a vulnerability. OWASP wouldn't do that. Just to a basic API Endpoint level. Also, SonarCloud and Mend can easily be put into the build pipeline to check during each build. Or on a schedule.
Alper, you may want to consider using Mend (formerly WhiteSource, www.mend.io) to show vulnerabilities reported in .NET and NPM packages; it also tells you what versions the vulnerabilities have been fixed in. The second one you may want to look into is SonarCloud (sonarcloud.io), which is incredible for finding security vulnerabilities in the actual source code.
My work uses both for compliance reasons, and they work fantastically to keep the codebase as secure as possible before deploying to the server.
Awesome. Thank you very much. I appreciate the help.
Yes, that is correct. We are using the Blazor Server version.
How do I update those? I can't find the correct Package.json file.
I am having the same issues. Any ideas?
Does anyone have any ideas?