Skip to content

OWASP/cve-lite-cli

v1.15.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 22d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

GitHub Action now supports --usage, --only-used, --sarif, and defaults no-cache to true in CI.

Full changelog

Added

  • GitHub Action now exposes --usage, --only-used, --sarif, and --no-cache inputs. The no-cache input defaults to true in CI since runners are ephemeral.
  • --sarif flag writes a SARIF 2.1.0 file to the current directory for upload to GitHub Code Scanning. One result per CVE, rules deduplicated, severity mapped to SARIF levels.

Validation

  • npm test
  • npm run build
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]