-
The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repos…
-
The `fs-path` package has an unfixed security vulnerability https://www.npmjs.com/advisories/661
There are other alerts here https://github.com/integrations/snappydoo/network/alerts
-
It seems the current npm package is `svelte-pdf 1.0.20`, using `pdfjs-dist 3.8`.
Here in the repo it is `svelte-pdf 1.0.21`, using `pdfjs-dist 4.0`. Could you update?
-
In the util/utils.js file, line 21, eval may execute malicious code,
-
### Current Behavior:
1. Define an alert on Dependency Track 3.8, containing the GLOBAL_AUDIT_CHANGE group
2. Migrate Dependency Track to 4.1
3. Log in as administrator and navigate to Administra…
-
### Task Topic
Other
### Task Description
Configure repository security and analysis using GitHub Security Settings
## Tasks
- [ ] Private vulnerability reporting
- [ ] Dependency graph
- […
-
- Site: [http://localhost:8081](http://localhost:8081)
**New Alerts**
- **X-Content-Type-Options Header Missing** [10021] total: 3:
- [http://localhost:8081/health](http://localhost:8081/hea…
-
Upgrade com.google.guava:guava to fix 2 Dependabot alerts in qa/large-data-tests/pom.xml
Upgrade com.google.guava:guava to version 32.0.0-android or later. For example:
com.google.guava
gua…
-
- [ ] ~Alerts without PRs~ invalid, see https://github.com/DataBiosphere/azul/issues/6242#issuecomment-2159349102 for an explanation
- [ ] Duplicate alerts caused by `requirements.all.txt`
…
-
# Context
Many organizations' security teams are outnumbered by developers, sometimes as drastically as a 1:100 ratio. Also, different organizations have different risk appetites when it comes to dis…