-
## Problem
Currently, there's no integrated way to audit dependencies defined in `pyproject.toml` and `uv.lock` against known security vulnerabilities in the [Python Packaging Advisory Database](ht…
-
While working with Kafdrop, a few High and Critical vulnerabilities were found. Is it possible to get these vulnerabilities addressed?
**What vulnerabilities were found:**
- {"service_name": "kaf…
-
## 🔒 Automated Security and Code Scanning to maintain robust and secure codebases
*To proactively identify and mitigate security vulnerabilities and code quality issues, ensure robust and secure co…
-
### Current Behavior
Run Full Scan and in the Vulnerability Scan, Nuclei only scans the first endpoint (https://domain.com/) (HTTPS) and does not scan the next endpoints (http://domain.com/) (HTTP), in…
-
/kind feature
**Describe the solution you'd like**
After a brief review of the vulnerabilities in an SCA scan, I'm curious if SCA scanning takes place for this repo? Using one SCA tool, 16 critica…
-
OSV currently includes Alpine's fixed vulnerabilities (from [Alpine secdb](https://secdb.alpinelinux.org/)) in its CVE records, but it's missing information about unfixed vulnerabilities from [Alpine'…
-
### Please describe the enhancement
Currently there is a WIP (https://github.com/stacklok/minder/issues/1862) addition to minder reviews to include a summary comment that will always be edited atop t…
-
I am running CodeQL on my repo. I have a class named VulnerableClass.cs.
In that class I have purposely included a direct SQL injection statement.
CodeQL is not discovering the vulnerability.
…
-
### Describe the bug
I'm using JFrog Frogbot for scanning vulnerabilities on a GitLab repository. Currently, Frogbot is unable to create automatic pull requests after the scan-repository command is c…
-
Would be great to introduce tools for security vulnerability scanning.
Some projects to investigate
https://www.drupal.org/project/security_review
https://www.drupal.org/project/securitytesting
https…