-
## Proposal:
Add a function to the Attestor interface. Attestors should implement this interface by interrogating the environment to see if it can run. We should run all attestors that are valid …
-
# Task Description
What task needs to be done?
# Task Outcome
Following actions to be performed:
- [x] Address HIGH and CRITICAL issues reported by SNYK
- [ ] Remove PR-bot token workflow requirement…
-
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current V…
-
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Improper Input Validation
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Curre…
-
The release vote passed, POI 4.0.0 will be available next week. Most breaking changes are in these quick and easy categories:
* Switch from using int values where Enum is a better fit
* Some method…
-
We aim to meet the OpenSSF Best Practices passing or higher badge level. One of the requirements is to run static code analysis on the project's source code.
See the "Analysis" section here: https:…
-
- Issue Type: `Bug`
- Extension Name: `vscode-vuln-cost`
- Extension Version: `1.3.6`
- OS Version: `Windows_NT x64 10.0.19041`
- VSCode version: `1.50.1`
:warning: We have written the needed d…
-
Kubernetes has a very large number of golang library dependencies. While there is some work to track and ensure license compatibility, there is little to no work done to track vulnerabilities in the…
-
Suggestion: For packages on PyPI it could be helpful to give visitors the indication of package health from Snyk.
e.g. `[![segyio](https://snyk.io/advisor/python/segyio/badge.svg)](https://snyk.io/…
-
Findings for Container Security, Low, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Improper Input Validation
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Pa…