From 81ac50ec06c0a84fdee52af95ed9fb642aeb6d84 Mon Sep 17 00:00:00 2001 From: "v.strelchenko" Date: Wed, 2 Aug 2023 20:20:08 +0300 Subject: [PATCH 1/2] SDK-4093. Added Security update checker doc --- .../security-update.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md diff --git a/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md b/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md new file mode 100644 index 00000000000..0f4c748de31 --- /dev/null +++ b/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md 
@@ -0,0 +1,44 @@ +--- +title: Security update checker +description: Reference information for evaluator tools. +template: howto-guide-template +--- + +Security Update Checker is a tool that checks if security fixes exists for Spryker modules that presented in your project. + +## Problem description + +A project can sometimes use dependencies that contain known vulnerabilities. To minimize the security risk for the project, such dependencies should be updated to the version that has the vulnerability fixed. + +## Example of an evaluator error message + +```bash +======================= +SECURITY UPDATE CHECKER +======================= + +Message: Security update available for the module spryker/price-product-merchant-relationship-storage, actual version 1.14.0 +Target: spryker/price-product-merchant-relationship-storage:1.15.0 +``` + +## Example of code that causes an evaluator error + +Your `composer.lock` file contains package versions that have security issues: + +```bash +... +{ + "name": "spryker/price-product-merchant-relationship-storage", + "version": "1.14.0", + "source": { + "type": "git", + "url": "https://github.com/spryker/price-product-merchant-relationship-storage.git", + ... + }, + ... +```` + +### Resolving the error + +To resolve the error: +1. Upgrade the package to a version where the vulnerability issue is fixed. From 6e8ac3982d94bdd9525e1d6bb70027ea5f10cca0 Mon Sep 17 00:00:00 2001 From: AlexSlawinski Date: Thu, 3 Aug 2023 10:40:59 +0200 Subject: [PATCH 2/2] Update docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md --- .../upgradability-guidelines/security-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md b/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md index 0f4c748de31..80fa6cbb985 100644 
--- a/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md +++ b/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/security-update.md @@ -4,7 +4,7 @@ description: Reference information for evaluator tools. template: howto-guide-template --- -Security Update Checker is a tool that checks if security fixes exists for Spryker modules that presented in your project. +Security Update Checker is a tool that checks if security fixes exist for Spryker modules that are present in your project. ## Problem description
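Review bot: In the first patch's hunk (the new `security-update.md`, `@@ -0,0 +1,44 @@`), the `composer.lock` excerpt under "Example of code that causes an evaluator error" is fenced as ```` ```bash ```` although it is JSON, and its closing fence is four backticks (```` ```` ````), which leaves the fence unbalanced and will break rendering of everything after it; use ```` ```json ```` for the opening fence and a three-backtick closing fence. Two smaller points in the same hunk: "### Resolving the error" is one level deeper than its sibling sections ("## Problem description", "## Example of ..."), so it should be "## Resolving the error"; and the single resolution step "Upgrade the package to a version where the vulnerability issue is fixed." would be more useful if it pointed the reader at the `Target:` line of the checker output, which already names the fixed version (here `spryker/price-product-merchant-relationship-storage:1.15.0`), for example "Upgrade the package to the version named in the `Target` line of the message."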
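Review bot: In the second patch's hunk (`@@ -4,7 +4,7 @@`), the grammar fix is correct ("exists" to "exist", "that presented" to "that are present"), but the sentence still leaves "security fixes exist" open to misreading as "the module has been patched in place", whereas the checker output in the same file reports an available newer version ("Security update available for the module ..., actual version 1.14.0" / "Target: ...:1.15.0"); consider rewording the `+` line to state that directly, e.g. "Security Update Checker checks whether a newer version containing a security fix is available for any Spryker module used in your project."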