-
Note: This is referenced as 4.3.7 in #2033 but has updated numbering
This requirement addresses two parts: there should not be any objects that don't have their access defined (every object must have an explicit access decision), but if there is, d…
-
## Summary:
A vulnerability has been discovered in the OpenID Connect JWKS (JSON Web Key Set) endpoint at *.portkey.finance/.well-known/jwks. This vulnerability allows unauthenticated access, which…
-
# Code Security Report
### Scan Metadata
**Latest Scan:** 2024-08-22 10:34pm
**Total Findings:** 1 | **New Findings:** 0 | **Resolved Findings:** 0
**Tested Project Files:** 25
**Detected Programmi…
-
Related requirements:
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **1.14.3** | Verify that the build pipeline warns of out-of-date or insecure co…
-
### Current Behavior
The FF has a critical CVE from org.quartz-scheduler/quartz 2.3.2
### Expected Behavior
Could be fixed by upgrading to https://github.com/quartz-scheduler/quartz/releases/t…
-
Confirm that using the Snyk service will be a suitable alternative to baking a Docker Scout GitHub Action into the pipeline
- Comparable CVEs are being reported
- CVEs reported are in line with twistloc…
-
Developers will follow secure coding best practices in order to mitigate common software security vulnerabilities. Developers will follow the control categories and techniques documented within The [T…
-
4.2.1 alludes to horizontal access control but we should decide whether we want to be more specific about access control types, e.g.
Making sure that the user has permission to perform a **particul…
-
https://aws.github.io/aws-eks-best-practices/
https://tldrsec.com/guides/kubernetes/
https://cloudsecdocs.com/container_security/theory/threats/k8s_threat_model
https://github.com/freach/kubernetes…
-
# **Background:**
- As per published [v1.0](https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/tree/main/1_0_vulns) of the OWASP Top 10 for Large Language Model Applica…