-
## Vulnerabilities found for metadata-writer:2.2.0
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your pro…
```
-
A deep review of cryptography usage needs to be done. Even though you're saying you're using scure/bip39 for mnemonics, it is not the case for every other feature.
1. why is crypto-browserify…
-
I noticed there is a BCR package with rules_jvm. Is it an official one? If yes, could you please refer to it in the documentation here?
-
As a development process developer, software supply chain integrity of the Superfluid development process should be improved for JavaScript projects (incl. Node.js, TypeScript) to improve maintainability a…
-
Like we did here: https://github.com/openedx/.github/blob/master/.github/dependabot.yml
More details: # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-update…
-
from @ewels
Seeing more and more people ask about SBOM documents for pipelines / containers (software bill of materials). It looks like Trivy can generate SBOMs. Is this something that we could get …
-
k
-
Originates from https://github.com/yuzutech/kroki/pull/1530#discussion_r1196583936
> In general I also tried looking into dependency checksum verification for the pom.xml, but this appears to be a r…
-
#### Current Behavior
See this [security score report](https://artifacthub.io/packages/helm/meshery/meshery?modal=security-report) for details of known vulnerabilities in Meshery's published packages…