LunaTrace Your Repos for Known Exploited Vulnerabilities

Yiannis Pavlosoglou
Free Wortley

The CISA Known Exploited Vulnerabilities Catalog

The US Cybersecurity & Infrastructure Security Agency (CISA) maintains a catalog of vulnerabilities which are known to be actively exploited in the wild.

As of January 2023, this list contains 871 vulnerabilities, ranging from remote code execution vulnerabilities in multiple products to vulnerabilities in frameworks such as Apache Struts, as well as Log4Shell and similar.

LunaTrace Now Scans for the CISA Catalog of Vulnerabilities and More

Within LunaSec, we have started the year full throttle, and now offer scanning for the CISA known exploited vulnerabilities and much more.

Our security engineering team has supplemented the CISA catalog with the vulnerabilities that we see causing the most issues in terms of exploitation through third-party dependencies.

This means that you can now scan your repositories with LunaTrace for these vulnerabilities, and if any are identified, they will be reported as critical for remediation.

LunaTrace Becomes a Verb in Software Composition Analysis

You can now “LunaTrace” your repositories and your code to assess whether they are vulnerable to the most commonly exploited vulnerabilities. This moves away from the mentality of spending hours triaging findings and focuses only on what should be fixed.

It goes well beyond reporting vulnerabilities in the standard high, medium, low categories. What you see in the critical list are vulnerabilities that should be remediated as a priority.

LunaSec Establishes a Process for Reporting Important Vulnerabilities to You

Our engineering team has established a process by which to select and triage important vulnerabilities, so that you don’t have to.

We offer this to all our LunaTrace Pro customers, so that vulnerabilities that should be addressed as a priority are reported in the critical category.

How brilliant is that for January 2023! With a quick scan of your repo using LunaTrace, you can establish whether you have any dependencies that require immediate attention.