-
Add a GitHub Action to scan our published docker images nightly: https://github.com/snyk/actions/tree/master/docker
Action will notify the team if vulnerabilities have been found in any of the base…
-
Currently the package is dependent on `NETStandard.Library@1.6.1` which by its own dependencies generates security warnings (6 in total). Updating it to the current latest version v2.0.3 solves the s…
-
Since the last release, `v1.12.1`, the following issue has been observed in our pipelines.
```
[2024-10-10T10:56:04.841Z] + + snyk-linux test --configuration-matching=^((?!test).)*$ --file=platfor…
```
-
Maybe it's a good idea to enable Snyk on all projects from or "Handlebars-Net"?
(I was triggered by https://github.com/WireMock-Net/WireMock.Net/pull/750)
-
### Describe the bug
1.3.x is currently using Jackson 2.14.2. Jackson 2.14.2 is affected by https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538.
Bumping to 2.15.0+ would help w…
-
Snyk is reporting bson@1.0.9 as a high-severity vulnerability. How hard would it be to update?
https://snyk.io/vuln/SNYK-JS-BSON-561052
-
# DevEx/OpEx
Right now, @halprin (and maybe others?) get a weekly e-mail of any existing dependency vulnerabilities (via SCA scanning). We should not depend on that. When a new high or critical vul…
-
Security scanning alerts; blocked by `Directory.Build.props` [are not being currently supported.](https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/.net/troubleshooting-.net#not-…
-
We use [Renovate Bot](https://github.com/renovatebot/renovate) on our projects to detect dependency upgrades and vulnerabilities since Renovate adds OSV database check (https://osv.dev/blog/posts/re…
-
Rather than creating a single Jira ticket per Snyk project issue, there should be an option to create a single Jira ticket per Snyk target. For example, if the Snyk target `snyk/goof` has 3 vulnerabi…