-
There is one more thing that is increasingly gaining attention now in Intel with regards to security – CVE scanning for released binary components. This has been now escalated everywhere and constan…
-
**Describe the bug**
The GitHub Runner versions `2.299.1` and `2.300.0` ([most recent versions](https://github.com/actions/runner/releases) at the time of writing) have 1 critical severity and 6 …
-
The current rules in the exported Sarif file do not include the security-severity property. As per the docs below, this is recommended for security rules.
https://docs.github.com/en/code-security/…
-
**Describe the bug**
Not a bug per se but a package dependency update request. Our AWS vuln scanning (Wiz.io) is picking up signatures for this CVE from file system builds and package dependencies…
-
* terrascan version: 4422eb5 / v1.19.1
### Description
The github.com/hashicorp/go-getter package v1.7.0 has a CRITICAL vulnerability (CVE-2024-3817) and should be updated to v1.7.4.
### What…
-
The current OSV structure combines vulnerability data from different resources (e.g., NVD, Alpine, Debian) into a [single CVE entry](https://osv.dev/vulnerability/CVE-2024-28757) based on shared CVE …
-
My issue seems to be similar to this [previous one](https://github.com/microsoft/sarif-sdk/issues/2694).
I am using the [trivy open source security scanner](https://github.com/aquasecurity/trivy-ac…
-
### Expected behavior
CVE-2015-8960 is showing up when CVE-scanning, for a lot of scans.
I would expect CVE-2015-8960 not to show up, when the only CPE matching CPE is `cpe:/a:ietf:transport_layer_s…
-
Research and documentation for how Lula will generate and operate on `plan-of-actions-and-milestones`.
## Objective
Establish a document for `plan-of-actions-and-milestones` that evolves as rese…