-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
The current rules in the exported Sarif file do not include the security-severity property. As per the docs below, this is recommended for security rules.
https://docs.github.com/en/code-security/…
-
Hello,
During a recent security scan, we identified multiple vulnerabilities related to OpenSSL in the MicroK8s Core20 snaps. These vulnerabilities are still present and have not been addressed in …
-
Consider the following action:
```yaml
grype:
  needs: build
  runs-on: ubuntu-latest
  steps:
    - name: Scan image
      uses: anchore/scan-action@v4.1.2
      id: gryp…
```
-
Hi, when scanning alpine 3.19 and 3.20 images, Stackrox (ACS) is unable to retrieve the OS CVE data:
![image](https://github.com/user-attachments/assets/971ade72-65b1-4963-a9b9-16360110c19e)
![i…
-
Microsoft Defender for cloud on Azure has detected a vulnerability CVE-2022-44729 in apache-jmeter-5.6.3 Please find report below
`Critical and High severity vulnerabilities detected in your CN…
-
It would be extremely beneficial if the scanner integration was more easily plumbable. If the output was an SBOM in SPDX or CycloneDX formats anyone could write their own task to implement the scanner…
-
grype is reporting the installed consul version as v0.0.0, regardless of the actual version installed
Tested with a docker image which has consul v1.17.3 installed:
```
234156@mypod-0:/> /usr/bin…
```
-
The current spring version (3.2.5) includes spring-boot-starter-tomcat (from spring-boot-starter-web) which has a security issue (CVE-2024-34750).
This CVE relates to an issue when using HTTP2. Read…
-
Following up from the EPICS collaboration meeting, Ralph Lange and others from the community talked about the security of `ibek-support` and some reservations about using it.
Ralph pointed out the …