I have a project, written in C++, and built into a Docker image. I used some open-source libraries (nlohmann json, gtest, cpr, etc.) in my project.
Now, I was trying to find open-source vulnerabilities using WhiteSource Bolt. I added the extension to an Azure pipeline task.
I wonder how WhiteSource Bolt identifies vulnerabilities in those open-source modules. I read that they will create a digital signature and compare it with their database.
But can anyone describe how they are creating the digital signature, or how they are identifying open-source modules in our code?