-
Apparently there is a Rust package called arrow which has some issues associated with it in OSV, such as https://rustsec.org/advisories/RUSTSEC-2021-0117.html
There is also a Python package called …
-
### Describe the bug
If you add a PackageReference to a project pointing to a vulnerable package version, `dotnet` commands like `dotnet build` and `dotnet list package --vulnerable --include-trans…
-
To facilitate more usage of CSAF, how would a Go library have to be constructed to be able to help implementors to access the contents of the advisories?
### potential use cases
* https://github.c…
-
## CVE-2020-35508 - Medium Severity Vulnerability
Vulnerable Library - linux-yoctov5.4.51
Yocto Linux Embedded kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto
Found in HEAD c…
-
Apparently there are a number of formats designed to encode package info already: https://gitbom.dev/glossary/sbom/
We need to check if any of them are suitable for our use case. Notably we redact s…
-
I’m working to implement VEX (both CSAF and CDX) as part of SAG-PM’s risk assessment and the deeper I look into the VEX model, the more I question its viability/scalability/efficiency. Let me explain …
-
### Notice
The identification and proposed resolution of this issue have been kindly provided by [Kunal Mhaske](https://www.linkedin.com/in/kunal-mhaske-59928a170) and this ticket has been logged on h…
-
This issue is supposed to keep track of various settings that should be tweaked eventually to get Packit, Coverity, Coveralls and some other things to work:
* https://docs.coveralls.io/index#integrat…