oracle / macaron

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
https://oracle.github.io/macaron/
Universal Permissive License v1.0

New check idea: find CVEs against the current version of the build platform #478

Open nathanwn opened 9 months ago

nathanwn commented 9 months ago

New check idea: Macaron can look for CVEs against the build platform/CI service version that builds an artifact. The idea of this new check was originally motivated by this security update from GitLab: https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/.
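As an added illustration of the proposed check (example code written for this issue, not Macaron's own code): given the build platform name and version recovered from provenance or CI metadata, it reports advisories whose OSV-style affected range (introduced inclusive, fixed exclusive) covers that version. The advisory IDs and ranges are constructed placeholders, not real CVEs; only the 16.3.4 boundary echoes the GitLab security release linked above.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Advisory:
    """One advisory against a build platform (constructed, OSV-style range)."""
    id: str
    platform: str            # build platform / CI service, e.g. "gitlab"
    introduced: str          # first affected version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None = no fix yet

def parse_version(v: str) -> tuple:
    """Turn '16.3.4', 'v16.3' or '16.3.4-ee' into a tuple of ints."""
    core = v.strip().lstrip("v").split("-")[0]
    return tuple(int(part) for part in core.split("."))

def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter versions are zero-padded ('16.3' == '16.3.0')."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)

def is_affected(version: str, adv: Advisory) -> bool:
    """introduced <= version < fixed (no upper bound when the advisory is unfixed)."""
    if compare_versions(version, adv.introduced) < 0:
        return False
    return adv.fixed is None or compare_versions(version, adv.fixed) < 0

def find_platform_advisories(platform: str, version: str,
                             advisories: List[Advisory]) -> List[Advisory]:
    """The check: advisories whose range covers the platform version that built the artifact."""
    return [a for a in advisories
            if a.platform == platform.lower() and is_affected(version, a)]

# Constructed sample data: placeholder IDs, not real CVEs. The 16.3.4 boundary mirrors
# the GitLab security release linked in the issue; the affected ranges are invented.
SAMPLE_ADVISORIES = [
    Advisory("ADVISORY-PLACEHOLDER-1", "gitlab", "16.2.0", "16.3.4"),
    Advisory("ADVISORY-PLACEHOLDER-2", "gitlab", "15.0.0", None),
    Advisory("ADVISORY-PLACEHOLDER-3", "jenkins", "2.400", "2.426.1"),
]

if __name__ == "__main__":
    # A build platform version as it might be recovered from provenance or CI metadata.
    for adv in find_platform_advisories("gitlab", "16.3.3-ee", SAMPLE_ADVISORIES):
        print(f"build platform gitlab 16.3.3 is affected by {adv.id}")
```

In a real check the advisory list would come from a vulnerability database such as OSV rather than the inline sample, and an unfixed advisory should be surfaced even when the platform is on its latest release.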

behnazh-w commented 9 months ago

Thanks! That would be a helpful check.