-
Discuss strategy of dapp tools deprecation and if we want to do it.
One counter argument: having dapp tools and foundry cross checking the output binary is better than having a single tool to circumv…
-
It is better to pin various actions used across our workflows to their release hash instead of just the version. This helps mitigate concerns around software supply-chain attacks through external work…
-
/kind feature
**Why you need this feature:**
Kubeflow's workflows are running with write-all permissions. This puts the project at risk of supply-chain attacks.
I took a look at all the workf…
-
- [ ] Are there existing cheatsheets at [OWASP Cheatsheets](https://cheatsheetseries.owasp.org/Glossary.html)
- [ ] If there is an existing cheatsheet, does it need updating at the source to cater for …
-
Avoid using curl downloads because of the Supply Chain attacks.
https://github.com/btcsuite/btcd/blob/31791ba4dc6ef913b1e8eb7bfb6746b1a118e405/.github/workflows/go.yml#L21
Example https://blog.g…
-
On local development, running `npm run dev` on macOS will prompt for a sudo password.
Would be nice to document this in `README.md` as expected behaviour; from what I can tell, this is Playwright's attempt to …
-
Key Points for Summary:
- Cloud-Native Security: Cloud-native applications bring new security challenges like securing microservices, containers, and API communications.
- Zero-Trust Architec…
-
From the [scoping doc](https://github.com/ShieldedLabs/crosslink-deployment/blob/main/Scoping.md), a couple questions:
> It reduces supply of ZEC by locking up staked ZEC
The doc doesn't talk at…
-
Originate from https://github.com/yuzutech/kroki/pull/1530#discussion_r1196583936
> In general I also tried looking into dependency checksum verification for the pom.xml, but this appears to be a r…
-
## What is the proposed Cheat Sheet about?
It will aim to provide guidance on configuring and utilising GitHub Actions securely.
## What security issues are commonly encountered related to this …