-
Tracking issue for:
- [ ] https://github.com/Voornaamenachternaam/chachacrypt/security/code-scanning/75
-
Components are often released under multiple licenses. SPDX license expressions provide this and other capabilities.
https://github.com/CycloneDX/specification/issues/1
-
### Background
Security scanning is a valuable way to find issues with our images, but we are not doing it consistently or methodically.
- Very often issues are brought up by users who are tryin…
-
3.3.1 plans:
- evaluate some of the NVD overlay / extra metadata / alternative data sources and see which ones should be integrated
- NVD is currently very backlogged and it's getting worse due to…
-
For cases where ProdSec bot opens up a ticket corresponding to a CVE that we are not directly affected by, i.e., none of the codepaths in the codebase use the affected symbols, do the following:
- …
-
### What steps will reproduce the bug?
Scans of the most recent `wait-for-port` release are showing multiple vulnerabilities in the version of Go that was used to build the binary.
- Critical: https…
-
Hello team,
It seems that image
cypress/browsers:node-20.11.0-chrome-121.0.6167.85-1-ff-120.0-edge-121.0.2277.83-1
has some critical vulnerability according to Checkov code scanning
https:…
-
**Describe the bug**
While scanning my Laravel application's manifest file using Vulert for vulnerability checks, I identified an issue associated with your package.
**Reference**
Upon conducting…
-
### Description
Investigate whether the "potential security issue" flagged in `ShelveStore` is something we need to address.
### Context
The team received the following message:
Hi kedro-org…
-
**I'm submitting a
```
[] bug report => see 'Providing a Reproducible Scenario'
[] feature request => do not use Github for feature requests, see 'Customers of AG Grid'
[x] support request => see …