@sectester/reporter
v0.33.3
Provides an abstraction for generating test results within particular test frameworks.
Setup
npm i -s @sectester/reporter
Usage
The package provides an implementation of the Reporter that prints results to stdout, i.e. StdReporter:
import { Reporter, StdReporter } from '@sectester/reporter';
const reporter: Reporter = new StdReporter();
You just need to call the report method to send findings to stdout:
await reporter.report(scan);
In addition, the package exposes a PlainTextFormatter that implements the Formatter interface:
import { Formatter, PlainTextFormatter } from '@sectester/reporter';
const formatter: Formatter = new PlainTextFormatter();
To convert an issue into text, you just need to call the format method:
formatter.format(issue);
Issue in Bright UI: https://app.neuralegion.com/scans/djoqtSDRJYaR6sH8pfYpDX/issues/8iacauN1FH9vFvDCLoo42v
Name: Missing Strict-Transport-Security Header
Severity: Low
Remediation:
Make sure to proprely set and configure headers on your application - missing strict-transport-security header
Details:
The engine detected a missing strict-transport-security header. Headers are used to outline communication and
improve security of application.
Extra Details:
● Missing Strict-Transport-Security Header
The engine detected a missing Strict-Transport-Security header, which might cause data to be sent insecurely from the client to the server.
Remedy:
- Make sure to set this header to one of the following options:
1. Strict-Transport-Security: max-age=<expire-time>
2. Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
3. Strict-Transport-Security: max-age=<expire-time>; preload
Resources:
- https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#hsts
Issues found on the following URLs:
- [GET] https://qa.brokencrystals.com/
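A custom formatter with the same format(issue) call shape, rendering each finding as a single CI log line and reporting whether any finding reaches a severity threshold. This is an added example, not code from the package or its README. The IssueLike and FormatterLike types, the CompactFormatter and summarize names, and the Medium/High severity levels are assumptions made so the block runs without the package installed.

```typescript
// Local stand-ins so the block runs without the package installed. Field names
// and the Medium/High levels are assumptions modelled on the sample output.
type Severity = 'Low' | 'Medium' | 'High';
interface IssueLike {
  name: string;
  severity: Severity;
  link: string;
  method: string;
  url: string;
}
// Same call shape as on this page: format(issue) returns text.
interface FormatterLike {
  format(issue: IssueLike): string;
}

// Findings embed strings taken from the scanned target; collapse control
// characters and line breaks so one finding is always exactly one log line.
const oneLine = (value: string): string =>
  value.replace(/[\u0000-\u001f\u007f]+/g, ' ').trim();

class CompactFormatter implements FormatterLike {
  format(issue: IssueLike): string {
    const target = `${issue.method.toUpperCase()} ${oneLine(issue.url)}`;
    return `[${issue.severity.toUpperCase()}] ${oneLine(issue.name)} | ${target} | ${oneLine(issue.link)}`;
  }
}

const RANK: Record<Severity, number> = { Low: 0, Medium: 1, High: 2 };

// Render findings most severe first and flag whether any reaches `failAt`.
function summarize(issues: IssueLike[], formatter: FormatterLike, failAt: Severity) {
  const sorted = issues.slice().sort((a, b) => RANK[b.severity] - RANK[a.severity]);
  return {
    lines: sorted.map(issue => formatter.format(issue)),
    failed: sorted.some(issue => RANK[issue.severity] >= RANK[failAt])
  };
}

// Sample data: the first entry reuses values from the output on this page,
// the second is constructed.
const sampleIssues: IssueLike[] = [
  { name: 'Missing Strict-Transport-Security Header', severity: 'Low',
    link: 'https://app.neuralegion.com/scans/djoqtSDRJYaR6sH8pfYpDX/issues/8iacauN1FH9vFvDCLoo42v',
    method: 'GET', url: 'https://qa.brokencrystals.com/' },
  { name: 'Constructed finding\nwith line break', severity: 'High',
    link: 'https://example.invalid/issues/1', method: 'post', url: 'https://example.invalid/login' }
];

const report = summarize(sampleIssues, new CompactFormatter(), 'Medium');
console.log(report.lines.join('\n'), report.failed ? '\nFAIL' : '\nPASS');
```

In a test suite, the failed flag can drive the assertion while the lines go to the test log.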
License
Copyright © 2024 Bright Security.
This project is licensed under the MIT License - see the LICENSE file for details.