satellite-provider/_docs/05_security/dependency_scan_cycle10.md
2026-06-26 10:55:59 +03:00

Dependency Scan (Cycle 10)

Date: 2026-06-25
Mode: Delta scan
Scope: Cycle-10 delta over cycle-9 (dependency_scan_cycle9.md). Surface = AZ-1113 (REST 400 error sanitization — no package manifest changes).
Method: dotnet list SatelliteProvider.sln package --vulnerable --include-transitive.

Cycle-10 Package Manifest Diff

| csproj | Cycle 9 baseline | Cycle 10 change |
|---|---|---|
| All csproj | unchanged | +0 packages added or bumped |

Vulnerable Package Scan (2026-06-25)

| Project | Finding | Severity | Notes |
|---|---|---|---|
| SatelliteProvider.Api | none | | Production runtime — clean |
| SatelliteProvider.IntegrationTests | transitive Microsoft.IdentityModel.JsonWebTokens 7.0.3, System.IdentityModel.Tokens.Jwt 7.0.3 | Moderate | GHSA-59j7-ghrg-fj52 — test-runtime only (pre-existing; unchanged) |
| SatelliteProvider.TestSupport | System.IdentityModel.Tokens.Jwt 7.0.3 + transitive JsonWebTokens 7.0.3 | Moderate | test-runtime only — pre-existing |

Cycle-10 Findings

No new dependency CVEs. AZ-1113 is a code-only change (static error strings); no NuGet manifest edits.

Carry-overs

  • D-AZ795-1 (Low): FluentValidation 12.0.0 → 12.1.1 — still open (explicitly out of AZ-1113 scope)
  • D2-cy4 (Medium, test-runtime): Microsoft.NET.Test.Sdk transitive — still open

Verdict

PASS (cycle-10 delta) — zero new CVEs.

Cumulative: PASS_WITH_WARNINGS — D2-cy4 + D-AZ795-1 carry-overs unchanged.