NAME
Dist::Zilla::Plugin::Test::CVE - add tests for known CVEs
VERSION
version v0.1.2
SYNOPSIS
In the dist.ini:
    [Test::CVE]
    filename = xt/author/cve.t
    author = 1
    deps = 1
    core = 1
    perl = 0
DESCRIPTION
This is a Dist::Zilla plugin to add Test::CVE author tests to a distribution for known CVEs.
Note that this module is experimental. See "SECURITY CONSIDERATIONS".
CONFIGURATION OPTIONS
filename
This is the test filename. It defaults to xt/author/cve.t.
All other options are passed to Test::CVE.
SECURITY CONSIDERATIONS
This will only identify known CVEs in listed dependencies. It may not identify CVEs in undeclared prerequisites or deep prerequisites.
The results from running Test::CVE on a CPAN distribution may or may not be useful.
If there is a fix available for a CVE, then authors can update the minimum version of that prerequisite.
If there is no fix, then authors may have no choice but to add the issue to the skip list. There is the risk that authors will forget about skipped security issues if they remain unfixed for a long time.
There is also a risk that authors may add issues to the skip list if this test blocks a release, and then forget to remove the issue when a fix is released.
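One way to keep skipped issues from being forgotten, as an added example that is not part of this module or of Test::CVE: an author test that flags any skipped CVE whose review date has passed or is missing. The skip-list layout with a review-by date column, the stale_skips helper and the CVE ids are assumptions constructed for this example.

```perl
#!/usr/bin/env perl
# Added example: flag skipped CVEs whose review date has passed or is missing.
use v5.20;
use warnings;
use Test::More;
use Time::Piece;

# Constructed sample skip list. The "id  review-by  reason" layout is an
# assumption of this example, not a format defined by Test::CVE.
my $skip_list = <<'END';
# id             review-by    reason
CVE-0000-00001   2020-01-31   no upstream fix yet (constructed entry)
CVE-0000-00002   2099-12-31   not reachable from our code (constructed entry)
CVE-0000-00003                (constructed entry with no review date)
END

# Return [id, problem] pairs for skip entries that need attention.
sub stale_skips {
    my ( $text, $today ) = @_;
    my @problems;
    for my $line ( split /\n/, $text ) {
        next if $line =~ /^\s*(?:#|$)/;    # comments and blank lines
        my ( $id, $date ) = $line =~ /^\s*(\S+)(?:\s+(\d{4}-\d{2}-\d{2}))?/;
        if ( !defined $date ) {
            push @problems, [ $id, "no review date" ];
            next;
        }
        my $due = eval { Time::Piece->strptime( $date, "%Y-%m-%d" ) };
        if ( !$due ) {
            push @problems, [ $id, "unparseable review date $date" ];
        }
        elsif ( $due < $today ) {
            push @problems, [ $id, "review was due $date" ];
        }
    }
    return @problems;
}

# Compare against today's date at midnight UTC.
my $today    = Time::Piece->strptime( gmtime->ymd, "%Y-%m-%d" );
my @problems = stale_skips( $skip_list, $today );
diag "$_->[0]: $_->[1]" for @problems;

# For the constructed sample, the overdue and the undated entries are flagged.
# A real author test would instead expect this list to be empty.
is_deeply [ map { $_->[0] } @problems ],
    [qw( CVE-0000-00001 CVE-0000-00003 )],
    "overdue and undated skips are reported";
done_testing;
```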
SUPPORT
Only the latest version of this module will be supported.
This module requires Perl v5.20 or later. Future releases may only support Perl versions released in the last ten years.
Reporting Bugs and Submitting Feature Requests
Please report any bugs or feature requests on the bugtracker website https://github.com/robrwo/perl-Dist-Zilla-Plugin-Test-CVE/issues
When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.
If the bug you are reporting has security implications which make it inappropriate to send to a public issue tracker, then see SECURITY.md for instructions on how to report security vulnerabilities.
SOURCE
The development version is on GitHub at https://github.com/robrwo/perl-Dist-Zilla-Plugin-Test-CVE and may be cloned from git://github.com/robrwo/perl-Dist-Zilla-Plugin-Test-CVE.git
AUTHOR
Robert Rothenberg <rrwo@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2025 by Robert Rothenberg.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.