-
**What would you like to be added**:
Add SonarQube as a code quality scanning tool
> SonarQube Introduction: https://docs.google.com/document/d/1UhoERlGsdfFn50CckbOt7Vv2AOpBHsbUoP8ZLeJQxl4
…
-
e.g., https://github.com/CycloneDX/bom-examples/tree/master/VEX/Use-Cases/Case-4
For false positives like:
- https://github.com/kubernetes/kubernetes/pull/121338#issuecomment-1771341403
-
# Summary
`github/codeql-action/upload-sarif` violates SARIF specification par. 3.27.12.
# Details
According to [SARIF specification par. 3.27.12](https://docs.oasis-open.org/sarif/sarif/v2.1.0…
-
I get these failures when running LLVM tests without X86 target:
```
Failed Tests (5):
LLVM :: tools/llvm-debuginfo-analyzer/WebAssembly/01-wasm-compare-logical-elements.test
LLVM :: tools/llv…
-
[TFSec](https://github.com/aquasecurity/tfsec), which is listed as part of the terraform feature, is being deprecated/merged into their other tool, [Trivy](https://github.com/aquasecurity/trivy):
>…
-
I forked this repo on GitHub and set up the Dependabot and Code Scanning tools to their default and got the following warnings:
Dependabot issues:
> Dependency Confusion in Bundler High Developm…
-
👋 This dashboard summarizes my activity on the repository, including available improvement opportunities.
## Recommendations
_Last analysis: Aug 28 | Next scheduled analysis: Sep 04_
**NOTE**: I'v…
-
Hello,
The Security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in ea…
-
👋 This dashboard summarizes my activity on the repository, including available improvement opportunities.
## Recommendations
_Last analysis: Aug 27 | Next scheduled analysis: Sep 03_
**NOTE**: I'v…
-
Hello, thanks for the library.
I want to invoke the command of an unknown cluster, for example:
The Matter bridge enables the function of scanning subdevices.
Here's what I think:
1. Can comm…