[TriLUG] Perl Library Vulnerability Checking

Jos Purvis via TriLUG trilug at trilug.org
Tue Apr 4 13:56:01 EDT 2023


Hi folks,
I figured I stood a decent chance of locating a few Perl-mongers on this list, so I thought I'd start here. I'm doing a software source-code review of an app that's written about 80% in Perl. Ordinarily I'd fire up a tool like osv-scanner to review the included libraries for any vulnerable versions, but almost nothing (including osv-scanner) supports Perl. The project even has a lovely-looking cpanfile in the root of the repo, but sadly I can't seem to find anything that will pick it up and do something useful with it!

Before I started scripting my way into something complicated and messy I thought I'd check and see if anyone knows of a good tool for checking vulnerable versions of included Perl libraries. :)

Thanks in advance,

Jos

