-
These are the main milestones for this piece of work:
- [x] Investigate and compare tools to help us with vulnerability scan
- [x] Configure the OWASP security plugin to Generate a report of vulnerabil…
-
#### Description
After deploying Harbor using the Helm chart in version `1.15.1`, the daily automated security scan does not report any vulnerabilities. However, when manually initiating a scan, vu…
-
Currently, gbounty continues to process HTTP requests even after it identifies a vulnerability for a specific URL. For performance and efficiency reasons, it would be beneficial to add a flag that sto…
-
Dear Madhu and Team,
Pls guide to use the jackhammer tool.
I gave the build and ran jackhammer. It's not showing any results for scan.
************sidekiq log showing block in safe_thread…
-
### Is there an existing template for this?
- [x] I have searched the existing templates.
### Template requests
Description:
SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacke…
-
## Problem
[Oracle Linux](https://linux.oracle.com/security/oval/) and [SUSE](http://ftp.suse.com/pub/projects/security/oval/) have OVALs readily available, but we don't include them in our OVAL ba…
-
### What happened?
This is CVE-2024-8986, it's being flagged by our security scanning tools, and has been for a long while now. When is this dependency due to be updated and a version containing the …
-
### Ticket Contents
## Description
To maintain code quality and security for [AMRIT API repositories](https://github.com/orgs/PSMRI/repositories?q=-API), we need to set up GitHub Actions workflo…
-
The build pipelines can optionally scan the image for vulnerabilities before deploying. Many (all?) of our Starter Kits do not pass. Let's see if we can update them to pass vulnerability scanning.
Fo…
-
**What steps did you take and what happened:**
**1.** `docker pull ghcr.io/aquasecurity/trivy-operator:0.22.0`
**2.** `trivy image ghcr.io/aquasecurity/trivy-operator:0.22.0 --severity CRITICAL`…