Jul-13-2018, 06:32 PM
(Jul-12-2018, 07:30 PM) micseydel Wrote:
I wasn't familiar with checkmarx, and just did a quick Google search so if I seem ignorant that would be why... packages like

(Jul-12-2018, 06:23 PM) saisankalpj Wrote: level-HIGH from inbuilt libraries which i did install with pip

If you used pip, then they're not built-in. That's what pip is for - getting third party libraries. They're not always trustworthy.

(Jul-12-2018, 06:23 PM) saisankalpj Wrote: so how should i avoid this now.

If you want to avoid the warnings from checkmarx, then you need to stop using those modules. I can't speak to how reliable checkmarx is in terms of whether it's worth actually stopping using the modules, or if they use whitelist or blacklist. I'm curious as well which modules are being flagged.

1. compat.py
2. site_packages/pkg_resources
3. wheel
4. pip/vendor
5. lib/site.py

are giving High vulnerabilities
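
The built-in versus pip-installed distinction discussed above can be checked per flagged file. This is an added example, not part of the original posts and not Checkmarx functionality; the function names, the virtualenv layout and the findings list are constructed for illustration.

```python
import sysconfig
from collections import defaultdict
from pathlib import Path

# Constructed virtualenv layout; pass paths=None to use the running interpreter.
SAMPLE_PATHS = {
    "stdlib": "/opt/venv/lib/python3.6",
    "platstdlib": "/opt/venv/lib/python3.6",
    "purelib": "/opt/venv/lib/python3.6/site-packages",
    "platlib": "/opt/venv/lib/python3.6/site-packages",
}

# Constructed scanner findings as (path, severity); not real scanner output.
SAMPLE_FINDINGS = [
    ("/opt/venv/lib/python3.6/site-packages/pkg_resources/__init__.py", "HIGH"),
    ("/opt/venv/lib/python3.6/site-packages/pip/_vendor/__init__.py", "HIGH"),
    ("/opt/venv/lib/python3.6/site.py", "HIGH"),
    ("/srv/app/views.py", "MEDIUM"),
]

def _under(path, roots):
    """True if path is one of roots or lives below one of them."""
    return any(root == path or root in path.parents for root in roots)

def classify(path, paths=None):
    """Return 'third-party', 'stdlib' or 'project' for a source file path."""
    paths = paths or sysconfig.get_paths()
    p = Path(path).resolve()
    site = {Path(paths[k]).resolve() for k in ("purelib", "platlib")}
    std = {Path(paths[k]).resolve() for k in ("stdlib", "platstdlib")}
    # site-packages normally sits inside the stdlib directory, so test it first.
    if _under(p, site):
        return "third-party"
    if _under(p, std):
        return "stdlib"
    return "project"

def triage(findings, paths=None):
    """Group findings by where the flagged file comes from."""
    groups = defaultdict(list)
    for path, severity in findings:
        groups[classify(path, paths)].append((path, severity))
    return dict(groups)

if __name__ == "__main__":
    for origin, items in triage(SAMPLE_FINDINGS, SAMPLE_PATHS).items():
        print(origin, len(items))
```

Findings grouped as third-party point at installed distributions to review or upgrade, while the project group is the code the team actually owns.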