-
Our OWASP scan detects two high vulnerabilities for the org.json:json:20240303 version:
https://nvd.nist.gov/vuln/detail/CVE-2022-45688
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-507…
-
### Current Behavior
Hello,
We upload several SBOM files holding hundreds of dependencies, but when calling ODT API api/v1/bom/cyclonedx/project/XXXX?variant=withVulnerabilities -> we're missing th…
-
#### Description
After deploying Harbor using the Helm chart in version `1.15.1`, the daily automated security scan does not report any vulnerabilities. However, when manually initiating a scan, vu…
-
It would be very helpful to receive Syslog messages when Clair detects a vulnerability within a container image.
Syslog notifications would help platform / security teams have visibility on contai…
-
![13a5085214c2050331271d7ffbedc76](https://user-images.githubusercontent.com/11937688/156703067-b714bf37-0955-467f-a40c-1ff408dfec70.png)
-
Hi,
It seems that `nvd-clojure` detects quite a few HIGH vulnerabilities due to the Batik dependencies version used in `on-time`:
- `batik-css-1.15.jar`: `CVE-2022-44729`, `CVE-2022-42890`, `CVE…
-
**Describe the bug**
The indexer-app detects no vulnerabilities on images built with [Kaniko](https://github.com/GoogleContainerTools/kaniko).
**To Reproduce**
1. Create a Dockerfile:
```Docke…
-
[The _Vulnerabilities_ check has the following description](https://github.com/ossf/scorecard/blob/c1066d9ac232e835ec0c22a255cdd46ec58dd2c7/docs/checks.md#vulnerabilities):
> This check determines …
-
When the local vulnerability scan detects new vulnerabilities, the user should somehow be notified of this.
One approach might be to use systemd's `OnFailure` option for this: the `OnFailure` could…
-
### Nuclei version:
last
### --
When I use payloads together with OAST, it results in a miss. Here's an example of the test command I used, along with a YAML template, and a PHP test.…