-
Hei!
I'd like to propose to *add* support for specifying requirements in the form of PackageURLs (purls), in addition to the existing ways (using dist/module names).
With this, I'm hoping…
-
Hi, so I am using vexctl version v0.2.3.
I am trying to get grype to ignore a CVE (this is purely testing). However, I can't get it to match. I've noticed though that the structure of the document ve…
-
|Platform|From|To|
|--|--|--|
|Ubuntu 24|4.7.5-rc1|4.8.0-rc3|
We are tasked with performing a comprehensive analysis of vulnerability discrepancies reported between versions 4.7.5 and 4.8.0 in Ub…
-
## Release Checklist
- [x] [OWNERS](https://github.com/kubernetes-sigs/kueue/blob/main/OWNERS) must LGTM the release proposal.
At least two for minor or major releases. At least one for a patch …
-
### What is VEX?
https://www.cisa.gov/resources-tools/resources/minimum-requirements-vulnerability-exploitability-exchange-vex
VEX, which stands for Vulnerability Exploitability Exchange, is a s…
-
**What happened**:
I am testing use of VEX for excluding CVEs.
The image is in an Azure ACR - it scans the image ok for vulnerabilities. I am testing this against an image from Docker Hub I know …
-
The Common Security Advisory Framework Version 2.0 is now an approved specification in the industry. Details about the specification can be found at: https://csaf.io and https://docs.oasis-open.org/cs…
-
MVSR (Mission, Vision, Strategy, Roadmap)[1] is a tool that helps provide a consistent way of expressing our goals and efforts across the foundation. All working groups have been asked to express the…
-
GSoC 2024 has been officially announced and the schedule is up here:
https://developers.google.com/open-source/gsoc/timeline
We'll want to have some _viable_ ideas nailed down around the end of Ja…