-
There's no clear definition of what an **artifact** is, although the meaning can be inferred when reading the specification. It's nevertheless meaningful to have a clear [definition](https://github.com/…
-
VEX is an emerging spec and tool set to ease the burden of determining vulnerability exploitation likelihood within components used during a build. OpenVEX is a community currently developing a spec,…
-
Multiclient research report shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks.
-
## Issue description
As discussed in https://github.com/NixOS/nixpkgs/issues/196460, the PolyMC minecraft launcher project appears to have been compromised and its meta-data server cannot be truste…
-
Current Chapter 14 tackles Build and Deploy systems, specifically describing in 14.1.1:
> Verify that the application build and deployment processes are performed in a secure and repeatable way, such…
-
SLSA noob here, so maybe it's a stupid question.
From reading the docs I didn't see a tool which could help with determining the SLSA level of some project. So I want to know whether folks just com…
-
Hello, I've looked in the forum and on Google, but there is no information about it.
I'm using a Pine A64+ 2016 Kickstarter version with 2GB of RAM
Latest image : Lakka-A64.arm-nightly-20201221-62c…
-
The below is an old draft of the proposal. The up-to-date proposal can be found at https://eips.ethereum.org/EIPS/eip-223
Discussion should occur at https://ethereum-magicians.org/t/erc-223-token-st…
-
**Is your feature request related to a problem? Please describe.**
A self hosted Debian/Ubuntu repository for the Buskill app
**Describe the solution you'd like**
The ability to install Buskill o…
-
We want to improve curio to cover more general security related issues.
To do this we want to implement Ruby rules that cover the top [10 OWASP issues](https://owasp.org/www-project-top-ten/):
…