-
from @ewels
Seeing more and more people ask about SBOM documents for pipelines / containers (software bill of materials). It looks like Trivy can generate SBOMs. Is this something that we could get …
-
### Project to be claimed
`scikit-optimize`: https://pypi.org/project/scikit-optimize
### Your PyPI username
`fkiraly`: https://pypi.org/user/fkiraly
### Reasons for the request
`scikit…
-
Dear web page owners,
I just wanted to let you know that when I'm browsing the internet, I usually use a JavaScript blocker extension called NoScript. I work in the field of quantum chemistry, and …
nom05 updated 2 months ago
-
Saw your work on [hn](https://news.ycombinator.com/item?id=41338240).
Enjoyed the article and discussion.
I am a JavaScript language security researcher.
in your article you mentioned this playing a…
-
k
-
For trivy scan:
- the scan should fail if problematic code is being added in a PR
- the scan should succeed and upload sarif artifact in case of scheduled scans
For this, two different ways of in…
-
As a development process developer, software supply chain integrity of the Superfluid development process should be improved for JavaScript projects (inc. NodeJS, TypeScript) to improve maintainability a…
-
After initial development is complete, review the list of all dependencies in `pom.xml` and remove unused JARs and libs. To maintain security we want strict control over the software supply chain and SBOM.
shah updated 2 months ago
-
## Describe the bug
On the page https://javascript.info/polyfills there is a link to polyfill.io, which is found to serve malware because the site was sold to a Chinese company. Instead, replace it w…
-
Originate from https://github.com/yuzutech/kroki/pull/1530#discussion_r1196583936
> In general I also tried looking into dependency checksum verification for the pom.xml, but this appears to be a r…