-
CodeQL: https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-upd…
-
Title: Snyk: snowflake-jdbc io.netty:netty-common 4.1.111.Final
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/52b28ebb-529b-4938-…
-
Tracking issue for:
- [ ] https://github.com/moby/buildkit/security/code-scanning/5
- [ ] https://github.com/moby/buildkit/security/code-scanning/20
- [ ] https://github.com/moby/buildkit/secur…
-
### Describe your question
The following CVEs are being detected by Microsoft Defender for Cloud in the current version of v3.243.1 that I am using in the ADO agents. Is there any update on fixing th…
-
OSV currently includes Alpine's fixed vulnerabilities (from [Alpine secdb](https://secdb.alpinelinux.org/)) in its CVE records, but it's missing information about unfixed vulnerabilities from [Alpine'…
-
#### What happened:
CVE in `registry.k8s.io/build-image/distroless-iptables:v0.6.2` image
```bash
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/…
```
-
### Describe what should be investigated or refactored
We should add continuous scanning of image dependencies in UDS Software Factory package repositories to check for both CVEs and license changes.…
-
Hello Rundeck Team,
We have detected the vulnerability CVE-2023-44487 in the current version of Rundeck (v5.4.0) that we are using. This vulnerability has been flagged by our security scanning tool…
-
## Summary
Checking the result of the Trivy scan, there is a CRITICAL CVE and a dependency should be updated.
## Steps to reproduce
When running a trivy scan on the latest concourse image, it reporte…
-
Hi. Thank you for distributing such a great tool.
I checked out this post and did some testing on a few projects.
- https://osv.dev/blog/posts/introducing-broad-c-c++-support/
However, I di…