-
Hi, thank you for developing SCAPinoculars, this is very useful!
I would like to suggest an additional type of report for vulnerabilities (oval), in addition to compliance (xccdf) reports.
http…
-
### Describe the need of your request
I am using codegpt for security vulnerability scanning. I have to manually select the code after every few lines and then send it for scanning by selecting my cu…
-
Document the plan of implementation for each component identified in the Component Definition Issue. Work content into a snippet for the OSCAL model.
-
https://github.com/grafana/loki/blob/65697676e610ee7b32d671a050f6ac38fb1e3ad1/production/helm/loki/values.yaml#L51
### Critical
CVE-2024-24790
CVE-2024-5535
### High
CVE-2024-24791
### Med…
-
**Describe the bug**
Snyk code vulnerability scanner was run on vendored uber-go code and found an issue:
> Error: SNYK_CODE_WARNING ([CWE-23](https://cwe.mitre.org/data/definitions/23.html)):
> …
-
## Summary
We need to set up some kind of PGP key or something then list the info in the SECURITY.MD file.
## Motivation
To keep things secure.
## Describe alternatives you've considered…
-
**Is your feature request related to a problem? Please describe.**
I'm looking to reduce the number of false positives from SCA vulnerabilities by performing function-level reachability analysis. How…
-
Utilize an up-to-date SCAP compliant vulnerability scanning tool to automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the or…
-
## Description
I was running trivy in the GitHub Actions workflow and it gave an error message that the vulnerability database can't be downloaded.
## What did you expect to happen?
The trivy c…
-
We should look into the vulnerability scanning and our options compared to just dependabot.
@mykaul suggested having a look at https://github.com/aquasecurity/trivy for example