-
### Current Behavior
Currently no apparent repository support for C++.
### Proposed Behavior
Support for adding a Conan repository that links C++ SBOMs generated via Conan to live vulnerabili…
-
I'm trying to build the XLA for GPU according to this guide: https://openxla.org/xla/developer_guide. Configuration goes just fine:
```
$ docker exec xla ./configure.py --backend=CUDA
INFO:root:Try…
```
-
**Describe the bug**
Cloudflared is vulnerable to the stdlib that is in the Golang 1.22.2 version in module net/netip. It is `9.8/10` critical as shown in the vulnerability [CVE-2024-24790](https://…
-
Hi
After downloading elasticsearch-analysis-ik-master.zip and unzipping it,
I use mvn package to build it.
mvn version:
wanglf@wanglf:/usr/local/elasticsearch$ mvn -V
Apache Maven 2.2.1 (rdebian-14)
Ja…
-
**What happened**:
Trying to use `syft` to generate a SBOM from a Maven `pom.xml` still does not correctly detect some dependency versions despite recent improvements from #2769
In particular th…
-
**Describe the bug:**
Per the title, SciDAVis does not support [`breeze-dark`](https://develop.kde.org/hig/style/color/dark/).
**To Reproduce:**
Steps to reproduce the behaviour:
0. Install Br…
-
I've read numerous posts about others having a similar issue, but none of the solutions on the other threads have yielded positive results.
We are in the middle of upgrading Node and Aurelia for o…
-
**Describe the bug**
Since Jan 13 2023 we have been getting errors on dependency-check when building packages.
We are using maven plugin 3.6.2 and dependency check plugin 5.3.0
example 1
`[WARNING] An …
-
Historically, the ORT analyzer has been pedantic about getting things right (i.e. resolving *exactly* the same dependencies as the build system does), and gathering *all* metadata known about a packag…
-
Currently the risk index is computed with point values for code features hard coded into the script:
https://github.com/linuxfoundation/cii-census/blob/master/oss_package_analysis.py#L313
In the int…