-
There are lots of high and critical vulnerabilities that were scanned by [trivy](https://github.com/aquasecurity/trivy).
The scanning result of cluster-autoscaler:v1.23.0 is as follows, v1.22.0 and v…
-
The split release scripts were [merged](https://github.com/quarkiverse/quarkus-logging-splunk/pull/289) on the quarkus-logging-splunk Quarkiverse extension.
A release was attempted with the new scrip…
-
### Bug Description
When using a composite build and running the Gradle task `dependencies` in two or more subprojects at the same time, a deadlock occurs when version constraints are also used. This…
-
I want to raise a potential hurdle in effectively detecting security vulnerabilities within the OpenSSL library, which is currently integrated as a dependency deep within the project's dependency tree…
-
### Current Behavior
I created a new project and imported an SBOM of an old version of debian-slim. Trivy reports vulnerabilities but dependencyTrack doesn't. I created a Sonatype OSS account and con…
-
Hi,
I came across this repo after a web search. Thank you for trying scan. I noticed that you were trying to test dependency scanning with a vulnerable pom.xml. Firstly, to trigger dependency and l…
-
### Describe the feature
NodejsFunction construct in CDK for provisioning Lambdas uses esbuild to bundle the source code. This is a pattern that many follow which is in accordance with AWS guidance/…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Package ecosystem
NuGet
### Package manager version
.NET SDK 8.0.100
### Language version
_No response_
#…
-
### Current Behavior
If the user specifies something along the following, the task dependency is not taken into account:
```
plugins {
    id 'cpp-library'
}
def genTask = tasks.register('gen') …
```
-
### Current Behavior
develocity-gradle-plugin and common-custom-user-data-gradle-plugin missing licensing information.
None of the following files has licensing information:
- https://plugins.gradle…