-
**Describe the user need**
In order to avoid having to manually create a `snyk-monitor` secret with `dockercfg.json` and `integrationId` items, it would be useful to have an optional secret for this …
-
As containers 'age' in production, existing mechanisms for container scanning during the publishing phase may not help us. Particularly for projects with containers which are not being actively develo…
-
**Description**
Dependabot flagged 2 dependencies for update:
- [spring-web](https://github.com/department-of-veterans-affairs/abd-vro/pull/741) from 5.3.23 to 6.0.2
- [spring-boot-starter-test](…
-
False positive on npm package glob-parent@5.1.2 (`pkg:npm/glob-parent@5.1.2`) incorrectly reported as `cpe:2.3:a:*:glob-parent:\\
-
Reticketing from https://github.com/getsentry/fsl.software/issues/20#issuecomment-1836688802 ...
Once the dust settles on [a likely 1.1](https://github.com/getsentry/fsl.software/issues?q=is%3Aissu…
-
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:NULL Pointer Dereference
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Curren…
-
### Ticket Contents
## Description
This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automate…
-
Because our account has application monitor including Prod, Test, and Dev, the maturity data is counted for all environments. We want to only count for Prod, so some modification needs to be made. I a…
-
- `node -v`:
- `npm -v`:
- OS: (e.g. Linux, ...)
- Command run: (e.g. `snyk2spdx ...`, ...)
### Expected behaviour
Please share _expected_ behaviour.
I would expect the rest of SPDX fields to…
-
It would be nice to have some sort of security scanning functionality in CI to try to catch any security problems.
## SCA / Dependency scanning
- Snyk? (sketchy PNPM support?)
- [OWASP Dependen…