-
(personal notes; will be expanded upon later.)
In the event someone writes a daemon or a tool to scan (continuously) NixOS closures for security vulnerabilities, it would be interesting to coordi…
-
Someone raised a bogus CVE for this project: https://nvd.nist.gov/vuln/detail/CVE-2024-22949.
Behind that seems to be someone running an LLM to look for bugs: https://gist.github.com/LLM4IG
I've rep…
-
## Describe the Enhancement
The images published to https://hub.docker.com/r/paketobuildpacks/builder-jammy-tiny/ do not have [OCI image annotations](
https://github.com/opencontainers/image-spe…
-
As an IDEasy user, I want to get security warnings if I am using outdated software with critical known CVEs so that I can keep my software secure.
This is the [devonfw-ide story 1106](https://github…
-
We want to offer more and easier ability to extend the DevOps Center application, both by customer users as well as partners.
Some areas we hear requests for extensibility include:
- Work Item custom…
-
I received this inquiry in Discord:
> I want to put some effort into an initiative of filling jaraco.* and related projects with full-fledged type hints.
would you mind helping me by providing a s…
-
## Request Summary:
Open Source Module Supply Chain attacks pose a real risk to the community:
For example: https://www.zdnet.com/article/corrupted-open-source-software-enters-the-russian-battl…
-
This is a very loaded issue, and probably should be broken down into separate issues. For now, it's one issue so as to not look "spammy".
---
## Table of Contents
- Add CONTRIBUTING.md
- Add…
-
From the Feb 27 meeting: "How do we collect metrics and package stats?"
* @lwasser brought it up
* @jpivarski has ideas to contribute (I'll follow up)
* @InessaPawson has been researching this …
-
#### What's the feature?
Add a flag to ignore dev dependencies when running `npm audit`.
Maybe it could ignore them by default and only check them with a flag.
#### What problem is the featur…