-
Add a web fingerprint and updater script for [spark](https://github.com/apache/spark).
Please read the rules of engagement first at https://github.com/google/tsunami-security-scanner-plugins/issues…
-
## Backport
This PR is auto-generated from #21729 to be assessed for backporting due to the inclusion of the label backport/1.20.
:rotating_light:
>**Warning** automatic cherry-pick of commits fai…
-
### Summary
https://github.com/usdot-fhwa-stol/carma-vehicle-model-framework/actions/runs/8623329483/job/23723060265?pr=66
```
Run usdot-fhwa-stol/actions/sonar-scanner@main
Run INIT_ENV="/home/…
```
-
Reference: https://www.bleepingcomputer.com/news/security/misconfigured-apache-airflow-servers-leak-thousands-of-credentials/
Requires further research to look for the hardcoded credentials when `e…
-
When a project generates a VEX feed for vulnerabilities that are not exploitable, SECURITY_INSIGHTS.yml is an ideal place to capture this information. The workaround is to add VEX statement informatio…
-
## CVE-2021-44832 - Medium Severity Vulnerability
Vulnerable Library - log4j-core-2.9.0.jar
The Apache Log4j Implementation
Library home page: https://logging.apache.org/log4j/2.x/
Path to dependenc…
-
Add a web fingerprint and updater script for https://github.com/rackslab/slurm-web/tree/2.x for v2 of slurm-web
Version 3 seems to be in development; there's no public release yet.
Please read t…
-
#### What happened:
CVE in `registry.k8s.io/build-image/distroless-iptables:v0.6.2` image
```bash
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/…
```
-
Hello, when looking at this documentation: https://docs.openshift.com/acs/4.3/configuration/enable-offline-mode.html#update-scanner-definitions-in-offline-mode it states:
> Scanner contains a local…
-
## Description
Currently, we have the `--scanners` flag, which supports the following options: vuln, misconf, secret, and license. To align with this structure, I'm considering renaming the `--list-a…