Jamie Magee
### Describe the need

NuGet trusted publishing eliminates the need to have a long-lived secret

- https://learn.microsoft.com/nuget/nuget-org/trusted-publishing
- https://github.com/NuGet/login

### SDK Version

_No response_

### API Version

_No response_

###...
### Describe the feature

Recent [supply chain attacks on npm](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) have highlighted the need for stronger package publishing security. The September 2025 Shai-Hulud worm compromised 500+ packages through stolen maintainer...
.NET 7 went EOL on 14th May 2024[^1]. Similar to #202572, which dealt with the deprecation of .NET Core 3.1, we should make an effort to update or patch packages...
Recent [supply chain attacks on npm](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) have highlighted the need for stronger package publishing security. The September 2025 Shai-Hulud worm compromised 500+ packages through stolen maintainer tokens, showing the risks...
See https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools-how-to-create
This change introduces support for scanning system-level packages, starting with sqlite-based RPM databases. Here's a sample scanning `mcr.microsoft.com/azurelinux/base/core:3.0`: https://gist.github.com/JamieMagee/8213dcc0353f70cd1bb4519bf2c2db4f
Running `golangci-lint`, either locally or in GitHub Actions, outputs a lot of warnings:

```
WARN The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is...
```
This release includes quite a few changes, but the most relevant ones are:

- [Add support for application-level component support in containers (#1529)][1]
- [Update Syft from 1.16.0 to 1.37.0...