How to use Checkmarx advisory to analyze vulnerability issues?
Since a few versions back I have started getting an issue, reported by "Checkmarx advisory":

However, my solution is a corporate SDK of about 40 projects, and I get no indication of which one(s) are referring to the Microsoft.AspNetCore.Server.Kestrel NuGet. None of my projects have a direct dependency to this NuGet so I must assume there's some transient dependency somewhere. So, while it's great knowing there's a vulnerability, the information is quite useless to me.
Is there a way to diagnose such problems? Also, I have found no way to trigger this scan manually so trying to isolate the culprit is extremely time consuming as the scan only seems to happen when the solution is being loaded, but not continuously during work.
I have found no documentation for how to use the Checkmarx advisory feature in Rider. Some googling resulted in this 2022 blog post but it related to IntelliJ and most of the information doesn't seem to carry over to Rider. Any links to more information would be greatly appreciated.
Hi Jonas!
Thank you for contacting us.
For now, there is only information about such packages. However, we have corresponding feature requests for improvement: for navigation and for a better report. It is also not possible to run this analysis manually, but it starts automatically after each package change in a solution.
I hope this helps! Should you have any other questions, let us know.
Thanks for the clarification. Is it possible to up-vote and/or follow the feature request?
You can upvote them once you've logged in to YouTrack with your JetBrains account.
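Outside the IDE, the projects that pull in a flagged package can be found from the `obj/project.assets.json` file that NuGet restore writes for each project. The script below is an added example, not part of this thread and not JetBrains or Checkmarx code; it assumes the solution has been restored, and the `Contoso.Hosting` package and all version strings in the sample are constructed placeholders.

```python
import json
from pathlib import Path

def dependency_chains(assets, package):
    """Return {target: [chain, ...]}; each chain runs from a direct reference to `package`."""
    wanted, result = package.lower(), {}
    for target, libs in assets.get("targets", {}).items():
        # package id -> (resolved "Id/Version" key, ids it depends on)
        graph = {key.split("/")[0].lower(): (key, [d.lower() for d in lib.get("dependencies", {})])
                 for key, lib in libs.items()}
        framework = target.split("/")[0]  # a target may carry a runtime suffix, e.g. "net8.0/win-x64"
        direct = assets.get("projectFileDependencyGroups", {}).get(framework, [])
        chains = []

        def walk(pkg_id, path):
            if pkg_id not in graph or graph[pkg_id][0] in path:  # unresolved id or cycle
                return
            key, deps = graph[pkg_id]
            if pkg_id == wanted:
                chains.append(path + [key])
                return
            for dep in deps:
                walk(dep, path + [key])

        for entry in direct:  # entries look like "Some.Package >= 1.0.0"
            walk(entry.split(" ")[0].lower(), [])
        if chains:
            result[target] = chains
    return result

def scan_solution(root, package):
    """Check every restored project under `root`; return {project name: chains}."""
    hits = {}
    for path in Path(root).rglob("project.assets.json"):
        assets = json.loads(path.read_text(encoding="utf-8-sig"))
        chains = dependency_chains(assets, package)
        if chains:
            hits[assets.get("project", {}).get("restore", {}).get("projectName", str(path))] = chains
    return hits

# Constructed sample: Contoso.Hosting and every version string are placeholders.
SAMPLE = {"project": {"restore": {"projectName": "Sdk.Web"}},
          "projectFileDependencyGroups": {"net8.0": ["Contoso.Hosting >= 1.0.0"]},
          "targets": {"net8.0": {
              "Contoso.Hosting/1.0.0": {"dependencies": {"Microsoft.AspNetCore.Server.Kestrel": "0.0.0-placeholder"}},
              "Microsoft.AspNetCore.Server.Kestrel/0.0.0-placeholder": {}}}}

if __name__ == "__main__":
    print(json.dumps(dependency_chains(SAMPLE, "Microsoft.AspNetCore.Server.Kestrel"), indent=2))
```

Calling `scan_solution(".", "Microsoft.AspNetCore.Server.Kestrel")` from the solution root lists only the projects whose dependency graph reaches the package, with the chain of references that leads to it.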