devguard-web

638-appbar-make-text-white

fix-no-name-badge-crash

fix/risks-search

fix-org-slug

708-if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

remove-unused-files

main

660-license-combobox-overwrite

add-mechanical-justification

702-change-button-text-to-black

636-add-cyclonedx-logo-to-the-options

485-onboarding-done-button-doesnt-do-anything

async-button

634--button-to-delete-an-organization

738-no-Toast-when-git-token-is-unavailable

compliance-risks

485-onboarding-done-button-doesn't-do-anything

improved-onboarding

Add-to-the-instructions-for-GitLab-that-you-have-to-be-a-maintainer-to-configure-variables

fix/false-positve-first-party-vulns

feature/genrate-pdfs

fix-severity-grades-dashboard-filter

chore/improve-onboarding-steps

tos-agreement-in-user-settings

undefined-organizationSlug-in-EntityProviderImage

735-after-searching-for-a-CVE-the-search-bar-is-not-shown-anymore

add-information-to-activity-stream

567-Display-the-password-policy-on-the-registration-page2

fix-manual-sarif-upload

0.11.1 656-improve-action-in-risk-handling

598-concept-for-registration-workflow

fix/issue-810

649-onboarding-workflow-fix-slider-animation

fix-vulns-error-handling

639-deleting-a-project-results-in-404

feature/sbom-report

467-only-display-licenses-with-more-that-0%-of-the-packages

add-sca-and-container-scanning-to-integrationsnippet

777-error-message-that-an-account-with-the-e-mail-address-already-exists2

658-Inconsistent-naming-sometimes-asset-sometimes-repository

If-no-compliance-rules-are-activated,-there-should-be-a-gray-state

add-secrets-option-to-asset

700-search-looses-focus-after-typing-the-first-character

repository-search-is-not-working-anymore

update-deps

578-sbom-upload-button-is-finder-if-not-nothing-is-selected-yet

chore/improve-login-registration

feautre/jira-integration

login-torus

fix-settings-crash-when-refreshing

813-exporting-sboms-does-not-work

fix/badgiApiUrl

onboarding

545-Scanner-badge-should-not-break-lines-but-include-hoverable-tooltip-about-fullname

license-combobox-overwrite

567-Display-the-password-policy-on-the-registration-page

prism-login

708---if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

pdf-download

190-dependency-table-dialog-with-graph

rerender-badge-when-new-license-is-selected

project-member-edit-should-be-more-logical

fix-wrong-github-actions-secret-scanning-yaml

654-two-scores-cognitive-dissonance

777-error-message-that-an-account-with-the-e-mail-address-already-exists

492-add-make-visible-button-to-password-inputs

User-Settings-home-button-leads-to-undefined

455-in-app-footer-should-be-displayed-always-on-bottom-of-screen

update-badge-api

634-button-to-delete-an-organization

599-zoom-image-when-clicking-on-it

644-add-sarif-logo-to-onboarding-flow-and-remove-report

fix/EntityProviderLinkBanner

fix/gitlab-pipeline

add-InputWithButton-component

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password-2

feature/sast

0.11.0 fix/org-creation-error

fix-active-org-error

improve-organization-dropdown-component

472-Wrong-color-for-checkmark-should-be-black-like-fixed-state

531-make-images-clickable-to-increase-size

577-add-fingerprint-icon-to-visualise-difference-in-Sign-in-With-Passkey

login-screen

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password

deleting-a-project-results-in-404

759-Add-Icons-to-Ory-Buttons

756-threejs-devguard-badge-is-blocking-onboarding-flow

Devguard-Pipeline

Badge API Documentation

Badge API

Badge API Programm ZenDiS

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

Devguard Postgresql

DevGuard Operator

 Devguard-Pipeline

devguard-documentation

devguard-scanner

devguard

devguard-action

Devguard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

David Luhmer

Refaei Shikho

Frédéric Noppe

L3montree Cybersecurity

This is a scan for Devguard CI/CD components in a GitLab project, aimed at testing whether these components function correctly.

The documentation for the DevGuard Project

The scanner component of the devguard project

Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expression named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individual users do not directly depend on `@babel/helpers`, and instead depend on `@babel/core` (which itself depends on `@babel/helpers`). Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees use of a new enough `@babel/helpers` version. Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available.

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

	Package	Max Risk	Max CVSS	Vulnerability Count	Installed Version	Action
	@babel/runtime	LOW (2.9)	MEDIUM (6.2)	1	7.22.5	Update to version 7.26.10 to reduce total risk by 2.9
	prismjs	LOW (1.1)	MEDIUM (4.9)	1	1.27.0	Update to version 1.30.0 to reduce total risk by 1.1

/Devguard
Project
/devguard-web
Repository

Identified Risks