-
I would like to use this tool to scan a preexisting spdx file, but the scanner can't find my file called 'SBOM.spdx'. The config used is:
- name: Scan SBOM with cve-bin-tool
uses: in…
-
Hi Team,
Command used: dotnet cyclonedx --json --out OutputPath Solutionpath --url AlternativeNuGetSourceprovided --disable-github-licenses --exclude-dev --exclude-test-projects --dotnet-command-ti…
-
### Please describe the enhancement
Minder can currently enable code scanning for a repo, and make sure that it's continually enabled. However, understanding whether code scanning is on in a repo e…
-
Go versions below `1.22.7` / `1.23.1` are vulnerable to `CVE-2024-34156`, a bug in `encoding/gob`'s `Decoder.Decode`. Health probe currently uses the vulnerable version `1.22.4`.
Updating to the abo…
-
Hello, I am getting this error.
Although I specify the location of the file, it does not recognize it and says 0 files were scanned.
https://i.imgur.com/q38FqWj.png
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
### Task Topic
Other
### Task Description
Configure repository security and analysis using GitHub Security Settings
## Tasks
- [ ] Private vulnerability reporting
- [ ] Dependency graph
- […
-
This could be an issue with the API, but I have no way to verify that. However, this does not occur when manually stacking two images (one being RAW, another a JPG with a motion file).
After bulk st…
-
Enable CodeQL as a static analysis tool for non-C/C++ code scanning.
GitHub Action example: https://github.com/intel/pcm/actions/runs/9637488979/job/26576790870
Doc: https://docs.github.com/en/code-…
-
We run the `defaultbackend-amd64` image in our FedRAMP environment and use various container scanning tools like ECR, trivy/clair, and snyk to scan containers for vulnerabilities. These tools have tro…