-
I am trying to find out if the Artifact Registry has vulnerability scanning enabled. I am not able to find this information via the project settings or repository details, but I'd like to be able to r…
-
Container scans can be performed on Docker Hub for pushed images; we could push the images there too so we can access/republish new images based on any problems found or we can look into whether we get…
-
grype is reporting the installed consul version as v0.0.0, regardless of the actual version installed
Tested with a docker image which has consul v1.17.3 installed:
```
234156@mypod-0:/> /usr/bin…
```
-
**User Stories**
As a VIC Admin, I should be able to prevent containers based on vulnerable images from running in production environments
**Acceptance Criteria**
A set of sized user-stories …
-
### User Story
Conversation with CNCS, IBM and Red Hat resulted in the need for an array of `component` in the `source-ssp` in order to preserve the `by-component` granularity of the inherited controls …
-
### Overview of feature request
Enterprises use a variety of container registries dependent upon their needs and priorities. Container registries differentiate themselves on factors mostly outside of…
-
### Discussed in https://github.com/blacklanternsecurity/bbot/discussions/1329
Originally posted by **amiremami** April 29, 2024
That would be great if possible to add a config option for para…
-
### Required
- [x] turn on private vulnerability reporting within GitHub
- [ ] update community/SECURITY.md to point to private vulnerability reporting
- [x] turn on secret scanning (required by IBM o…
-
### Task Topic
Other
### Task Description
Configure repository security and analysis using GitHub Security Settings
## Tasks
- [ ] Private vulnerability reporting
- [ ] Dependency graph
- […
-
**Describe the bug**
Snyk code vulnerability scanner was run on vendored uber-go code and found an issue:
> Error: SNYK_CODE_WARNING ([CWE-23](https://cwe.mitre.org/data/definitions/23.html)):
> …