Ross Tannenbaum
NVD is migrating from schema 1.1 to 2.0. This migration also includes the retirement of its legacy data feeds in favor of an API-driven approach. See https://nvd.nist.gov/vuln/data-feeds#JSON_FEED and https://nvd.nist.gov/developers/vulnerabilities for...
Manually handling dependabot updates is annoying, and we tend to just blindly accept the updates anyway. Perhaps we should consider adding roxbot to this repo and having it take care...
This was originally discovered in StackRox Scanner V2: https://github.com/stackrox/stackrox/issues/7033 StackRox now offers a Scanner based on ClairCore, which also has this same problem. The issue is that ClairCore does not...
The repo-2cpe mapping file and the container-name mapping file only update once per day (I think), so it makes sense to only bother fetching it once per day. However, ClairCore...
After I thought #1180 would fix the panic I ran into, it turns out it's still there. I believe this is the culprit. `Next` does the following loop: ``` if...
go1.21 introduced the [`slices` package](https://pkg.go.dev/slices), which offers nice utility functions related to slices. It comes with sorting functions which we should use instead of the older `sort` package for slices....
## Description A detailed explanation of the changes in your PR. Feel free to remove this section if it is overkill for your PR, and the title of your PR...
## Description There is a desire to show both vendor-specific CVSS score as well as NVD's score. This PR adds the ADR for updating Scanner's API for this purpose. ##...
https://github.com/mholt/archiver/pull/396 has yet to land so github.com/mholt/archiver/v3 is still affected by CVE-2024-0406. This repository is *not* affected by this vulnerability. This PR removes the dependency to: * minimize dependencies *...