-
Tracking issue for:
- [ ] https://github.com/Project-MONAI/monai-deploy-informatics-gateway/security/code-scanning/6806
-
**What would you like to be added**:
It would be good to add the `pkg.Source.Name` and `pkg.Source.Digest` information to the matchable product identifiers when using VEX documents to filter out vu…
-
On scanning the logstash-oss:8.13.2 docker image, found the below vulnerability in it.
Type | Severity | CVSS | CVE | Package Name | Package Version | Fix Status
-- | -…
-
Context: https://github.com/cncf/tag-security/issues/965
-
# What did you do? (required. The issue will be **closed** when not provided.)
My team has set up an integration that will load the `vuls` binary into a CloudFoundry app instance and run it as the …
-
At [Platform One](https://p1.dso.mil/) we use continuous scanning with tools like Twistlock and Anchore to scan our hardened images. We are encountering a number of CVEs regarding go1.16.3, which is E…
-
### Gloo Edge Product
Enterprise
### Gloo Edge Version
gloo-ee 1.16.11-alpine (gloo 1.16.16)
### Kubernetes Version
v1.28.6
### Describe the bug
- CVE-2024-5535 (BDSA-2024-4055) **9.1** from o…
-
Hi,
We receive these messages which appear to be related to Maven packages loaded by the scanning tool. Is this expected? How should we deal with these, as they are blocking our pipelines?
-
Hey all
Congratulations on your recent new release. I'm just reaching out to see if you are interested in uploading this connector to a listing on the [Confluent Hub](https://www.confluent.io/hub/…
-
### Describe the bug
GitHub Advanced Security requires a 'physicalLocation.artifactLocation.uri' value. GHAS will fail to load the SARIF results if this data is not provided.
The SARIF file from…