-
I'm a Cyber Security researcher and developer of PackjGuard [1] to address open-source software supply chain attacks.
# Issue
During my research, I found that this repo is vulnerable to attack due t…
-
https://github.com/brave/brave-core/tree/master/components/brave_wallet_ui depends on a number of npm packages, which often have security vulnerabilities. We should sandbox these as much as possible s…
-
Hello kubescape community!
In preparation for this year's Cloud Native Security Slam, we've completed a survey of CNCF end users across multiple industries, including Construction, Cybersecurity, A…
-
## Discussion Topic for OSS Supply Chain Risks WG
### Description of Problem:
For the majority of open-source software, the concept of End Of Life (as it is defined for vendor software) does not appl…
-
Hi,
We notice that you are using topic and service names from ROS parameters, e.g. at the following locations:
https://github.com/skasperski/navigation_2d/blob/noetic/nav2d_navigator/src/RobotNavi…
-
Hi,
We notice that you are using topic names from ROS parameters at the following locations:
https://github.com/botsync/volta/blob/6815bce293b5f2b8149484df7c9c7b0fa004adcb/volta_teleoperator/src/j…
-
On April 15, Security Week reported,
> Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected si…
-
### Description
Currently it is not possible to verify the authenticity of the downloads from sourceforge.net, github.com, or phplist.org because the releases are not cryptographically signed.
T…
-
### Background
The docs in https://github.com/lightningnetwork/lnd/blob/master/docs/release.md refer to `docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.0-beta /verify-install.sh` to verify…
-
**What new feature do you think would be cool to add to artemis?**
Have the artifact collector pre-filter the data collected on key attributes based on some new TOML keys.
**Describe the solution …