-
Research and documentation for how Lula will generate and operate on `plan-of-actions-and-milestones`.
## Objective
Establish a document for `plan-of-actions-and-milestones` that evolves as rese…
-
The current spring version (3.2.5) includes spring-boot-starter-tomcat (from spring-boot-starter-web) which has a security issue (CVE-2024-34750).
This CVE relates to an issue when using HTTP2. Read…
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/133
-
Hello there,
`osv-scanner` currently does not support [conda lockfiles](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/).
Conda lockfiles, called "environment" files, ca…
-
Multiple security scanning tools reported that `aws-for-fluentbit` docker image might be vulnerable to the following vulnerability:
- [CVE-2023-38545](https://alas.aws.amazon.com/cve/html/CVE-2023…
-
Hello.
In the DependencyCheck I'm getting alerts for CVE-2007-1651 and CVE-2007-1652 vulnerabilities referred to **Microsoft.IdentityModel.Protocols.OpenIdConnect** package (performing dll scanning…
-
Hello team,
I am writing to you because of the following:
Reviewing past vulnerabilities found in Kaniko, I encountered the Platform One log for hardened containers, and there is a Kaniko repo t…
-
### Expected behavior
CVE-2015-8960 is showing up when CVE-scanning, for a lot of scans.
I would expect CVE-2015-8960 not to show up, when the only CPE matching CPE is `cpe:/a:ietf:transport_layer_s…
-
#### Summary
Internal containers have long pending security CVEs: nginx, hostpath-provisioner, coredns
Installed version: MicroK8s v1.27.2 revision 5372
#### What Should Happen Instead?
Use lat…
-
Would it be possible to include an input field to disable including the descriptions of the CVEs in the findingsDetails output? Sometimes the descriptions of CVEs can be excessively long or contain s…