-
The following vulnerabilities have been reported against dsbulk 1.11 from "Open Source Scanning in Visual Studio Team Services".
It would be desirable if as many as possible are resolved.
[CVE-201…
-
**Is your feature request related to a problem?**
I hate when I find something interesting on natlas and I say "Man, that looks like an old version of apache" and then I have to copy and paste the ve…
-
## Description
The translation functionality should be expanded to cover a wider spectrum of solutions.
Using the translation schema as a baseline:
```json
{
  "target": [
    "Platform 1",
…
```
-
We have fixed a number of vulnerabilities reported, not by upgrading the dependencies version but rather in our own code. However, these kinds of fixes will not be recognized by the scanners and will …
-
**Is your feature request related to a problem? Please describe.**
A user new to the system may not fully understand some of the project configuration settings, or perhaps the server owner wants to e…
-
- [ ] https://github.com/captncraig/agent/security/code-scanning/16
- [ ] https://github.com/captncraig/agent/security/dependabot/2
- [ ] https://github.com/captncraig/agent/security/code-scanning/1…
-
Hello,
I prepared a test project containing a rancid version of log4j. On a Debian-based machine, running cve-bin-tool against this test project, cve-bin-tool reports log4j nicely. If I prepare a d…
hmw42 updated
5 months ago
-
### What did you do?
We have installed Prometheus in our cluster, and a recent security scan found that the image quay.io/prometheus/prometheus:v2.44.0 contains several security vulns.
1. grype quay.io/…
-
### Do you have a suggestion for code improvement or tracking existing technical debt? Please describe.
We currently only scan GA LTS versions of our images as part of our security scans and CVE docu…
-
Currently, RHEL CVE feeds are not being used, so scanning RHEL/Scientific Linux results in "cannot perform CVE scan: no CVE data is currently available for the detected base distro type (redhat:6,redh…