-
Many open source projects only have one maintainer. How will they meet the 2 person review requirement? Are tools like automated code reviews in scope for meeting this requirement?
-
### What's the problem this feature will solve?
This is following on from https://github.com/pypa/pip/issues/12564 to discuss whether pip maintainers would be interested in enabling [CodeQL SAST sc…
wwuck updated
7 months ago
-
It seems that the default permissions given as an example in the docs or in the default template when you add the action to your repo are not sufficient on at least private repos. I have not tested it o…
-
ref https://github.com/microsoft/sarif-tutorials/tree/main/samples
This allows you to view messages through GitHub security alerts.
-
**Description**
This is a placeholder issue to indicate and describe the area of problems and let contributors help with providing fixes.
At the time of the creation of this ticket, I integrated …
-
**What happened**:
Error: No such container:path: 211304:/opt/horusec/horusec-report.json
**How to reproduce it (as minimally and precisely as possible)**:
my job for release branch:
```
…
```
-
**What would you like to be added**:
I want *horusec* to point out vulnerabilities related to actual privacy related rules for countries.
Using Brazil as an Example, we actually have the LGPD (s…
-
Writing custom sniffs for PHPCS seems relatively difficult, and there are some modern tools like [Tide](https://github.com/wptide/wptide), [Psalm](https://psalm.dev/) and [PHPStan](https://phpstan.org…
-
When I install `fb-sapp` from PyPI and **analyze** the output, it returns the following error.
```
sapp -v "DEBUG" --tool=mariana-trench analyze .
/usr/local/lib/python3.9/site-packages/sqlalche…
```
-
Thanks for a great OSS SAST tool.
I am using slscan with the following command on a Gradle multi-module project with mostly Kotlin code and some Terraform code:
`env ENABLE_OSS_RISK=true time sh…