openmrs/openmrs-contrib-dependency-vulnerability-dashboard
OpenMRS Dependency Vulnerability Report

A summary of known security vulnerabilities detected across OpenMRS modules by automated dependency scanning. Each module lists its vulnerable dependencies, severity levels, and recommended fix versions to help maintainers prioritize upgrades.

The dashboard is available at: https://openmrs.github.io/openmrs-contrib-dependency-vulnerability-dashboard

Components used for displaying data

Carbon Web Components (loaded from a CDN):

<script
  type="module"
  src="https://1.www.s81c.com/common/carbon/web-components/version/v2.49.0/accordion.min.js"
></script>
<script
  type="module"
  src="https://1.www.s81c.com/common/carbon/web-components/version/v2.49.0/data-table.min.js"
></script>
<script
  type="module"
  src="https://1.www.s81c.com/common/carbon/web-components/version/v2.49.0/tag.min.js"
></script>

Used components:

  • cds-accordion
  • cds-table
  • cds-tag

Project Structure

data/
 ├─ openmrs-core.json
 ├─ openmrs-module-addresshierarchy.json
 ├─ openmrs-module-attachments.json
 ├─ openmrs-module-authentication.json
 ├─ openmrs-module-bedmanagement.json
 ├─ openmrs-module-billing.json
 ├─ openmrs-module-calculation.json
 ├─ openmrs-module-cohort.json
 ├─ openmrs-module-emrapi.json
 ├─ openmrs-module-event.json
 ├─ openmrs-module-fhir2.json
 ├─ openmrs-module-htmlwidgets.json
 ├─ openmrs-module-idgen.json
 ├─ openmrs-module-legacyui.json
 ├─ openmrs-module-metadatamapping.json
 ├─ openmrs-module-o3forms.json
 ├─ openmrs-module-openconceptlab.json
 ├─ openmrs-module-ordertemplates.json
 ├─ openmrs-module-patientdocuments.json
 ├─ openmrs-module-patientflags.json
 ├─ openmrs-module-queue.json
 ├─ openmrs-module-referencedemodata.json
 ├─ openmrs-module-reportingrest.json
 ├─ openmrs-module-serialization.xstream.json
 ├─ openmrs-module-stockmanagement.json
 └─ openmrs-module-webservices.rest.json

js/
 ├─ main.js : controls the flow
 ├─ fetchReports.js : fetches the data
 ├─ parseReports.js : parses the data
 ├─ table.js
 └─ helpers.js

Report Generation

Reports are generated by the owasp-dependency-check.yml GitHub Actions workflow and then pushed into this repo. The workflow YAML can be found here: https://github.com/openmrs/openmrs-contrib-gha-workflows/blob/main/.github/workflows/owasp-dependency-check.yml

parseReports.js

Extracts the relevant fields from the dependency-check reports. Any field that is missing falls back to "-".

Dependency Table Fields

| Field       | Source                                                              |
|-------------|---------------------------------------------------------------------|
| dependency  | report.dependencies.packages[0].id (name extracted using a regex)    |
| version     | report.dependencies.packages[0].id (version extracted using a regex) |
| severity    | highest severity among the dependency's vulnerabilities             |
| cves        | vulnerabilities.length                                              |
| exploit     | any references[].name that contains "EXPLOIT"                       |
| fix version | versionEndExcluding                                                 |

CVE Table Fields (two different sources are available for severity, so the CVSS v3 value is used first and the vulnerability's own severity is the fallback)

| Field            | Source                                            |
|------------------|---------------------------------------------------|
| cve_id           | vulnerability.name                                |
| severity         | cvssv3.baseSeverity or vulnerability.severity     |
| score            | cvssv3.baseScore or cvssv2.score                  |
| description      | vulnerability.description                         |
| affected version | vulnerableSoftware.software.versionEndExcluding   |
| fixed in         | versionEndExcluding or versionEndIncluding        |
| cwe              | vulnerability.cwes                                |
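The following is an added example of the extraction described in the two tables above; it is not the project's parseReports.js. It assumes a dependency-check-style JSON shape (package ids in purl form such as `pkg:maven/group/artifact@version`, `vulnerableSoftware[].software.versionEndExcluding`, `references[].name`) and a constructed sample report with placeholder CVE ids.

```javascript
// Added example, not the project's parseReports.js; the report shape below is assumed, not taken from the project.
const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };
// Regex extraction of name and version from an id such as "pkg:maven/org.example/lib@1.2.3".
function parsePackageId(id) {
  const m = /^pkg:[^/]+\/(.+)@([^?#]+)/.exec(id || "");
  return m ? { name: m[1], version: m[2] } : { name: "-", version: "-" };
}
// Numeric-aware compare so "1.10.0" sorts after "1.9.0", which a plain string sort gets wrong.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}
// Highest severity across vulnerabilities; cvssv3.baseSeverity is preferred over vulnerability.severity.
function highestSeverity(vulns) {
  let best = "-";
  for (const v of vulns) {
    const s = String(v.cvssv3?.baseSeverity || v.severity || "").toUpperCase();
    if ((SEVERITY_RANK[s] || 0) > (SEVERITY_RANK[best] || 0)) best = s;
  }
  return best;
}
// The smallest upgrade that clears every listed range is the highest versionEndExcluding.
function fixVersion(vulns) {
  const ends = vulns.flatMap((v) =>
    (v.vulnerableSoftware || []).map((s) => s.software?.versionEndExcluding).filter(Boolean));
  return ends.length ? ends.sort(compareVersions).pop() : "-";
}
function parseDependency(dep) {
  const vulns = dep.vulnerabilities || [];
  const { name, version } = parsePackageId(dep.packages?.[0]?.id);
  const exploit = vulns.some((v) => (v.references || []).some((r) => (r.name || "").includes("EXPLOIT")));
  return { dependency: name, version, severity: highestSeverity(vulns), cves: vulns.length,
    exploit: exploit ? "yes" : "-", fixVersion: fixVersion(vulns) };
}
// Only dependencies with at least one vulnerability appear in the table.
function parseReport(report) {
  return (report.dependencies || []).filter((d) => (d.vulnerabilities || []).length).map(parseDependency);
}
// Constructed sample report (not real scan output; CVE ids are placeholders).
const SAMPLE_REPORT = { dependencies: [
  { packages: [{ id: "pkg:maven/org.example/lib@1.2.3" }], vulnerabilities: [
    { name: "CVE-0000-00001", severity: "LOW", cvssv3: { baseSeverity: "HIGH" }, references: [{ name: "EXPLOIT-DB" }],
      vulnerableSoftware: [{ software: { versionEndExcluding: "1.9.0" } }] },
    { name: "CVE-0000-00002", severity: "MEDIUM", vulnerableSoftware: [{ software: { versionEndExcluding: "1.10.0" } }] } ] },
  { packages: [{ id: "pkg:maven/org.example/clean@2.0.0" }], vulnerabilities: [] } ] };
```

Running `parseReport(SAMPLE_REPORT)` yields one row for org.example/lib with severity HIGH, 2 CVEs, an exploit flag, and fix version 1.10.0; the clean dependency is omitted.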

Run the dashboard locally using:

npx -y serve . -l 3000
