-
The most important remaining task for the first draft is visual aids - what does the input data look like, and more importantly, what does the software look like/what are the important software compon…
-
It would be ideal to have a `sha1` to `groupID, artifactID` for jars that do not have `pom.xml` and are hosted on Maven. This would help with the following issues:
- [x] https://github.com/anchore/…
-
## CVE-2020-35508 - Medium Severity Vulnerability
Vulnerable Library - linux-yoctov5.4.51
Yocto Linux Embedded kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto
Found in HEAD c…
-
This issue was prompted by my going looking for references about vulnerability response process governance in the service of starting to address
- #472
**Describe the solution you'd like**
We…
-
### Notice
The identification and proposed resolution of this issue has been kindly provided by [Kunal Mhaske](https://www.linkedin.com/in/kunal-mhaske-59928a170) and this ticket has been logged on h…
-
When translating documentation files using the DeepL API we make use of its XML handling capabilities to preserve markdown formatting. This is done by replacing format markers by XML tags before trans…
-
I attempted to set up CodeQL in the EchoSVG project (css4j/echosvg#37) but found a [false positive claiming a critical Java XXE vulnerability](https://github.com/css4j/echosvg/security/code-scanning/3…