vulnerabilities

What would you like to be added:

Please add some basic instructions for compiling the binaries to the install readme as an alternative to curl to bash.

Why is this needed:

Some folks are uncomfortable with the security implications of curl to bash

There are additional use cases where users may wish to modify the functionality of the project to better fit their needs

**Addit

What happened

Evidence field doesn't show all the affected pods rather it shows only the count and only one pod details

• location: 127.0.0.1:10255
  vid: KHV044
  category: Privilege Escalation // Privileged container
  severity: high
  vulnerability: Privileged Container
  description: "A Privileged container exist on a node\n could expose the node/cluster
  \ to unwanted r

Context

• This is part of release-1.5 #148
• MEDIUM priority task

Tasks

• Remove dependency bcrypt-nodejs in package.json
• Add dependency bcrypt in package.json
• Migrate file app/data/user-dao.js to bcrypt
• Validate the instalation with the local test
• Add and submit the chang

Is this a request for help?: Yes

Is this a BUG REPORT or a FEATURE REQUEST? (choose one): FEATURE REQUEST

Can we add a option to allow the engine update vulnerabilities database through specific proxy ser

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Before installing a version we can compare previous versions (or existing version, if it's an upgrade) to alert if:

• The package about to be installed introduces a binary via the bin field in package.json
• New version has scripts defined where previous version didn't (we can add this rule to the current scripts marshall)