[TriLUG] Perl Library Vulnerability Checking
Jos Purvis via TriLUG
trilug at trilug.org
Tue Apr 4 13:56:01 EDT 2023
Hi folks,
I figured I stood a decent chance of locating a few Perl-mongers on this list, so I thought I'd start here. I'm doing a software source-code review of an app that's written about 80% in Perl. Ordinarily I'd fire up a tool like osv-scanner to review the included libraries for any vulnerable versions, but almost nothing (including osv-scanner) supports Perl. The project even has a lovely-looking cpanfile in the root of the repo, but sadly I can't seem to find anything that will pick it up and do something useful with it!
Before I started scripting my way into something complicated and messy I thought I'd check and see if anyone knows of a good tool for checking vulnerable versions of included Perl libraries. :)
Thanks in advance,
Jos