security-tools

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

Here are 1,565 public repositories matching this topic...

d4t4king commented May 1, 2020

Describe the bug
Online docs for NETW-3200 are not yet implemented.

Version

  • Distribution: Ubuntu 18.04
  • Lynis version: 3.0.0

Expected behavior
A (minimal) description of the problem should exist and ideally a general direction on how to fix the issue.

Output

A new discovery!

Oops, looks like this control is not listed yet in the database.

Want to help 
gitleaks
Incisive commented May 10, 2019

Thanks for this great tool!

Hoping to get some clarification here surrounding commits. I've set up automation around Gitleaks to scan commits as they happen on a few repositories; however, the tool is alerting when the secret is first committed, and then alerting a second time when it's removed (not a file deletion, but a line removal).

Are there any configuration options to disable alerts w

gpotter2 commented Jul 21, 2019

Project "Hinty" aims at adding Type hints to Scapy. It will help discover bugs, improve the API, and make Scapy up-to-date with the high standards of Python libraries.

Implementation

We use mypy to ensure automatic testing of the work that has already been completed. PRs that fall under project Hinty will process one (or a few) files and register them into the checks. The file

computeralex92 commented Dec 29, 2019

In a server / client setup it would be great if Trivy would expose some metrics about the scans that happen with the central server.
Some useful metrics for my implementation:

  • Last DB Update (timestamp)
  • Last DB Update Attempt (timestamp)
  • Sum of Issues found
  • Sum of Issues found split up by SEVERITY
  • Sum of Issues found split up by sources (OS, Python, Node etc)

As Trivy is built to

nchelluri commented Sep 12, 2019

Summary

(I tested this for G201 but inspected the code for G202 and believe it has the same issue.)

G201 will detect SQL string formatting when I have fmt.Sprintf("SELECT * FROM TEST UNION %s", "SELECT * FROM test") in my code. However, it will not detect when I have fmt.Sprintf("select * from test union %s", "select * from test") in my code. I believe this is a bug.

See: https://g

monkey
VakarisZ commented Mar 30, 2020

Exploiter selector should have these additional features:

  • Filter by type. There should be keywords/buttons like "brute force", "vulnerability", "unsafe", "all" that would enable/disable corresponding exploiters.
  • Exploiter description. Upon clicking on an exploiter, the user should see a short description of it with the CVE if it has one.

This feature should be an extension of [list selection reac

bittner commented Apr 22, 2020

There are several issues open that suggest that it is unclear how Bandit is meant to be executed. In fact, there are no usage instructions at all in the Bandit docs.

Describe the solution you'd like

There should be simple, crisp, usage instructions in the Bandit docs, e.g.

Install Bandit:

pip install bandit

Run Bandit o

cobra-reporter commented Dec 21, 2017

Environment

Cobra version: 2.0.0-alpha.5
Python version: 2.7.10
Operating system: Darwin-15.5.0-x86_64-i386-64bit
Command line: cobra.py -t tests/vulnerabilities/ -r CVI-167001.xml

Traceback

Traceback (most recent call last):
  File "/Users/Viarus/Documents/cobra/cobra/__init__.py", line 82, in main
    cli.start(args.target, args.format, args.output, args.special_rules, a_sid)
 
certificates
hongkongkiwi commented Nov 29, 2019

What would you like to be added

I would love to have a MongoDB database connector.

Why this is needed

All our other services use MongoDB and I would love to keep everything unified in one database system.

Failing that, is it possible to provide a pluggable webhook that we can have and then enter into our own database?

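Large-scale intranet penetration scanner & Cobalt Strike, covering information gathering / live-host discovery / IP scanning / port scanning / service identification / network assets / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection includes MS17010, Weblogic, ActiveMQ, Tomcat, the Struts2 series, etc.; password brute-forcing includes (Mysql, Oracle, MSSQL), FTP, SSH (Linux), VNC, Windows (IPC, WMI, SMB, LDAP, SmbHash, WmiHash), etc. Highly customizable: supports plugins written as .NET assemblies, DLLs (C#/Delphi/VC), PowerShell and other languages; supports batch invocation of arbitrary external programs or commands through INI configuration; the EXP generator produces Web vulnerability POCs in one click, so scanning or exploitation capabilities can be extended quickly. Supports Cobalt Strike 3.X-4.0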

  • Updated May 3, 2020
  • C#

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  • Updated Apr 9, 2020
  • Python