-
### What happened?
The following job using [OpenSSF AllStar](https://github.com/ossf/allstar) fails with upload-artifact@v4:
```
jobs:
deployment:
runs-on: ubuntu-latest
# Use chai…
-
- [x] I have read the [SECURITY.md](https://github.com/GoogleContainerTools/distroless/blob/main/SECURITY.md)
- [x] I understand that this repo tracks debian package releases and cannot fix debian CV…
-
I am not sure if this is intentional but I've tried to use gptscript as a library to run my scripts and I always get the following error:
```
panic: runtime error: slice bounds out of range [:-1]
…
-
-
What I did
```sh
docker run -it --rm cgr.dev/chainguard/wolfi-base
apk add checkov
checkov
```
I got the following error
```bash
cd08f75ce732:/# checkov
Traceback (most recent call last…
-
### What happened?
Beroenden som används i applikationen är utdaterade och gör att scanningsprogram som Xray rapporterar sårbarheter som har dykt upp i de beroendena. Ex. så används version 1.61 av…
-
I am trying out konflux-ci on Fedora 39 by following the[ README](https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#konflux-ci). I have reached to the end of [Onboard Application with the Ko…
-
Loving Octo STS so far! I'm working on setting up some simple proofs of concept. One thing I'd like to do is use it to get a short lived token to be used to add an issue to an Organization Project. I …
-
# Consider Adding Software Bill of Materials (SBoM) for ClickHouse Release Binaries
## Summary
There is currently a lack of visibility into the third-party code and its vulnerabilities within Cl…
-
The recently introduced `archive_apk_packages` function in `archive-packages.sh` does not properly split package names and version when the package name contains a hyphen (`-`).
The offending code …