-
### Request Description
Hello,
I'm wondering how to add custom entries to the VDB database so that depscan will find these custom vulnerable dependencies when scanning.
I see that VDB5 uses jsondb…
-
Following up from the EPICS collaboration meeting, Ralph Lange and others from the community talked about the security of `ibek-support` and some reservations about using it.
Ralph pointed out the …
-
**Describe the bug**
The combination of the Quarantine preview feature and Qualys (Azure Defender CVE Scanning) does not work as expected.
**To Reproduce**
Steps to reproduce the behavior:
1. Ena…
-
Description, Use Case and User Stories
Guidance on how to combine EPSS Probability scores for a group of related CVEs with associated EPSS scores.
See thread https://epss-wg.slack.com/archives/C0135…
-
CVE-2020-14040 (Severity=High) and CVE-2021-38561 (Severity=Unknown) are found when scanning https://github.com/googleinterns/cloud-operations-api-mock/releases/download/v2-alpha/mock_server-x64-linux…
mipnw updated
2 years ago
-
Hello, I have an alert from scanning about the dependency postcss.
component-compiler-utils uses "postcss": "^7.0.36", but
"id":"CVE-2023-44270","package":"postcss","version":"7.0.39","fix_version":"8.4.3…
-
The test script currently does not really check whether any patch-level update that **targets** any critical CVEs is deployed in time.
Furthermore, the standard is a bit vague about whether this pa…
-
**Describe the bug**
Multiple High and Critical CVEs found in the tb-node image. Image built from `master` branch and scanned with https://github.com/anchore/grype.
```shell
json …
```
-
The following vulnerabilities have been reported against dsbulk 1.11 from "Open Source Scanning in Visual Studio Team Services".
It would be desirable if as many as possible are resolved.
[CVE-201…
-
### Why it needs to get done
We have several image scanning CI runs with some overlap:
1. some rocks repos do daily scanning (ex: [seldonio-rocks](https://github.com/canonical/seldonio-rocks/blob/78…