-
### What is the problem this feature would solve?
There is currently no proper way to automatically scan for vulnerabilities or license issues as part of a CI/CD pipeline.
### What is the feature yo…
-
- **Hitting return in product field opens company drop-down** When a user is in the product input area and hits hard return, the company drop-down opens.
- **No products available - required to proce…
-
Recently there was a supply chain attack on the xz package -- CVE-2024-3094 (https://www.openwall.com/lists/oss-security/2024/03/29/4) from a trusted maintainer, intended to backdoor ssh in Debian and…
-
### Release Note Category
- [ ] Feature changes/additions
- [ ] Bug fixes
- [ ] Internal Infrastructure Improvements
### Release Note Description
-
Description: what's your idea?
Impact: Describe the customer impact of the problem. Who will this help? How
will it help them?
Scope: How much effort will this take? ok to provide a range of o…
-
## Suggested agenda
1. Software Defined Vehicle / Eclipse SDV [1] – what will a future software
supply chain look like, and what needs to be expected with OTA updates in
the vehicles?
2. Cat…
-
- [ ] use [Harden Runner](https://github.com/step-security/harden-runner) in all GH workflows
- [ ] use hashes instead of versions in GH workflows
- [ ] add [OpenSSF Scorecard](https://github.com/os…
-
### Problem description
Hi,
I'm a cybersecurity researcher developing PackjGuard [1]. Our tool has detected a dependency confusion vulnerability in this repository. In order for me to disclose it, kindly enable …
-
Currently, it is very "leet" code that's hard to inspect. What we need is at least some guarantee that it's side effect free.
https://www.npmjs.com/package/busboy
https://github.com/mscdex/busbo…
-
# SolarWinds supply chain attack - Tech ramblings by Marcin
[https://marcin.cylke.com.pl/2024/04/07/solarwinds-supply-chain-attack/](https://marcin.cylke.com.pl/2024/04/07/solarwinds-supply-chain-a…