-
The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repos…
-
## Problem
Currently, there's no integrated way to audit dependencies defined in `pyproject.toml` and `uv.lock` against known security vulnerabilities in the [Python Packaging Advisory Database](ht…
-
# related:
- [x] xxx
- [x] xxx
-
There is a mostly unstructured JSON feed and web page at:
- web page at https://kubernetes.io/docs/reference/issues-security/official-cve-feed/
- JSON "index" https://kubernetes.io/docs/reference/is…
-
- Make new category in ToolManager
https://github.com/nccgroup/CECster
-
# What's the problem this feature will solve?
It would make a higher level of package security a default.
# Description
I would like uv to only download packages that do not have entries in t…