-
Artifactory is needed to secure our software supply chain, yet it does not take full advantage of the RHEL 8 distribution.
Installing Artifactory on-premises is a bit hard given the requirements of…
-
### Describe the enhancement requested
Currently, `apache.jfrog.io` is the only release channel for various Binary Artifacts of Apache Arrow. Therefore, if `apache.jfrog.io` stops serving, there will…
-
As a follow-up to #481, we need support for the "Q" field, which is Quarters.
-
**Tell us about your request**
Docker Scout ships with a number of software supply chain best practice policies"out of the box", but I would like it if I could configure these. For example, there is …
-
- A CI/CD Bill of Materials can be used to support the systematic review of known security vulnerabilities in open source components and approval of each component’s
- An CI/CD BOM is useful both…
-
@pburkholder raised this as a discussion topic during the [2022-05-10 TOC meeting](https://docs.google.com/document/d/1ng8rAcnrCbTm5RVNAKZ_ptqXiwcBIPgC8rbYp6A8lUo/edit#heading=h.yp189wpw74up). Capturi…
emalm updated
10 months ago
-
As time goes by, projects start using new glibc features not present in old versions, hence requiring a newer manylinux baseline version to be defined.
For example:
* https://github.com/openai/tri…
-
When I installed and ran the program, Windows Defender detected it as a threat.
I am assuming that this is a false positive, but I wanted to make sure that this was known.
![ApplicationFrameHost_H4P…
-
Great to see Google interested in model transparency. Thank you for that.
I think there's two (possibly three) opportunities to align with OWASP CycloneDX.
## Model card transparency
CycloneDX…
-
**Tell us about your request**
Getting vulnerability information in your images directly in the IDE you're using like VSCode, etc.
**Which service(s) is this request for?**
Docker Scout
**Tell…