Semgrep / Security Scanner - Issues scanning

Before moving updates from the past few weeks into prod, I ran a security scan that returned a list of potential security vulnerabilities. After fixing the first, the Agent froze and I reloaded the page. Afterwards, nothing showed in the list, so I ran the scan again. It took about 50-100ms and nothing showed in the list. (Image below)

I ran a check in Assistant and we were showing 9 vulnerabilities (6 moderate, 3 low).

Now when going back into Security Scanner they have reappeared (after making a few changes). Will Security Scanner only scan if it can see a code difference between checkpoints or last scan?


The UX with the scanning tool is very flaky. I had to re-run 4 times, and each time it told me it was upgrading the same package. I needed to do a few browser hard refreshes before it decided there were no remaining issues.

And then I asked agent to confirm the new package and was told it hadn’t been upgraded. So I asked agent to do it - which it did fine.

In summary, a mess.

Would you say it typically uncovers more when it works? Or would npm audit work better for now?

I’ve not really relied on them enough, and probably should. I’d be tempted to try a few other tools. What is that one you mentioned?

It’s npm - https://www.npmjs.com/

Replit installed it a while back in my app. ‘npm audit’ is just a command in shell that will perform a security audit on your app.

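For anyone who wants a repeatable check rather than the flaky scanner UI, here is an added example (not from this thread or from Replit) that reads the JSON output of `npm audit` and produces the same kind of "6 moderate, 3 low" summary before deciding whether a pre-prod deploy should be blocked. It assumes the npm 7+ report shape (`auditReportVersion` 2) with one entry per affected package; the sample report and the `gate.js` filename are constructed for illustration.

```javascript
// Added example, not from the thread: summarise an `npm audit --json` report
// the way the scanner's "6 moderate, 3 low" count does, and decide whether a
// pre-prod gate should block. Assumes the npm 7+ report shape (auditReportVersion
// 2): one entry per affected package under `vulnerabilities`, each carrying
// `severity`, `isDirect` and `fixAvailable`.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Count findings per severity and note which are direct dependencies or have
// no fix available (those need a manual decision, not `npm audit fix`).
function summarizeAudit(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  const direct = [];
  const noFix = [];
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    if (!(v.severity in counts)) continue; // skip unknown severities
    counts[v.severity] += 1;
    if (v.isDirect) direct.push(name);
    if (v.fixAvailable === false) noFix.push(name);
  }
  const total = SEVERITY_ORDER.reduce((n, s) => n + counts[s], 0);
  return { counts, total, direct, noFix };
}

// Block when any finding is at or above the `threshold` severity.
function shouldBlock(summary, threshold = 'high') {
  const from = Math.max(0, SEVERITY_ORDER.indexOf(threshold)); // unknown => strictest
  return SEVERITY_ORDER.slice(from).some((s) => summary.counts[s] > 0);
}

// Constructed sample report: nine findings, six moderate and three low, so a
// "high" gate passes while a "moderate" gate blocks.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: Object.fromEntries(
    Array.from({ length: 9 }, (_, i) => [`pkg-${i}`, {
      name: `pkg-${i}`,
      severity: i < 6 ? 'moderate' : 'low',
      isDirect: i === 0,
      fixAvailable: i !== 8,
    }])),
};
// CLI use (CommonJS): `npm audit --json > audit.json; node gate.js audit.json`
// (`;` rather than `&&`, because npm audit exits non-zero when it finds anything)
if (typeof require !== 'undefined' && require.main === module) {
  const report = process.argv[2]
    ? JSON.parse(require('node:fs').readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_REPORT;
  const summary = summarizeAudit(report);
  console.log(JSON.stringify(summary, null, 2));
  process.exitCode = shouldBlock(summary, 'high') ? 1 : 0;
}
```

Run without an argument it reports on the built-in sample; with a path it reports on your real audit output and exits 1 when the gate blocks, which is easy to wire into a deploy step.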