PrestaShop 8 module to fetch Friends of Presta security advisories, enrich CVEs from their advisory pages, detect affected installed modules/core advisories, audit overrides, compare the database to the native PrestaShop schema, update installed modules, and list local core changes.
php bin/console everpssecurity:run all --dry-run
php bin/console everpssecurity:run update-cves
php bin/console everpssecurity:run overrides --dry-run
php bin/console everpssecurity:run db-integrity --dry-run
php bin/console everpssecurity:run update-modules --dry-run
php bin/console everpssecurity:run core-changes --emailEvery action accepts --dry-run. Use --email to email the generated report.
The update-cves action also sends a vulnerability alert when a stored advisory
matches an installed module or an apparently affected core version and the module
email setting is enabled.
The back-office configuration uses Smarty templates and Tagify for CVE tags. Advisory detail pages are parsed to store Product, Impacted release, Patches, Description and GitHub links so alerts include correction references whenever the advisory provides them.