Dave Wichers

Results: 30 issues by Dave Wichers

Can Blankie add support for more security headers like Helmet does? https://github.com/helmetjs/helmet Or, is there a way to use Helmet with the HAPI framework rather than using Blankie, since Helmet...

Most CSP libraries, like Helmet for example, set: frame-ancestors 'self'; by default. Can you add that to the default setting for Blankie? And make it clear how to turn that...

When running SpotBugs it is reporting a DM_DEFAULT_ENCODING issue. When I click on the link to take me to the above, there is no content. Did it get deleted accidentally?...

The command-line version allows you to generate results files in various formats, like JSON, SARIF, and possibly others. Could you add a feature to the web UI that allows...

enhancement

I'm using findsecbugs:1.10.1 with spotbugs (using the maven plugin) and the spotbugs report includes a link to: https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#URLCONNECTION_SSRF_FD This is a security issue, but this link doesn't exist. Is this...

bug

Given the transition, and the fact that some methods went away in this update, can you update the code examples to clearly indicate whether the annotations used in the examples...

This issue was raised long ago in #1770 and ignored. I'm raising it again. If you look at a few modern discussions: https://security.stackexchange.com/questions/253924/is-it-better-to-disable-x-xss-protection-header-or-set-the-header-as-x-xss-prote https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#x-xss-protection-header They both recommend disabling this header...

breaking changes
security
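The two header requests above (a `frame-ancestors 'self'` default in the CSP that can be switched off, and `X-XSS-Protection` sent as `0` rather than `1; mode=block`) can be shown together in one small, framework-agnostic helper. This is an added example, not code from Blankie, Helmet, or the issue author; the option names `directives`, `frameAncestors` and `xssProtection` are assumptions for this illustration, not Blankie or Helmet options.

```javascript
// Added example: a minimal security-header builder illustrating
//   1. Content-Security-Policy with `frame-ancestors 'self'` by default, plus an
//      explicit way to turn that directive off (frameAncestors: false);
//   2. X-XSS-Protection sent as "0" (the disabled value recommended by the
//      OWASP XSS Prevention Cheat Sheet) unless the caller overrides it.
// The option names below are assumptions for this example, not any real
// library's API.

const DEFAULT_DIRECTIVES = {
  'default-src': ["'self'"],
  'frame-ancestors': ["'self'"],
};

// Serialise a {directive: [sources]} object into a CSP header value.
// A directive whose value is `false` is omitted entirely.
function buildCsp(directives) {
  return Object.entries(directives)
    .filter(([, sources]) => sources !== false)
    .map(([name, sources]) => {
      const list = Array.isArray(sources) ? sources : [sources];
      return list.length ? `${name} ${list.join(' ')}` : name;
    })
    .join('; ');
}

// Parse a CSP header value back into {directive: [sources]} so the policy
// actually sent can be checked (e.g. in a test or a response filter).
function parseCsp(header) {
  const result = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    result[name] = sources;
  }
  return result;
}

// Build the response headers. Secure values are the defaults; weakening them
// requires an explicit option, which is the behaviour the issues ask for.
function securityHeaders(options = {}) {
  const directives = { ...DEFAULT_DIRECTIVES, ...(options.directives || {}) };
  if (options.frameAncestors === false) {
    directives['frame-ancestors'] = false;        // drop the directive
  } else if (options.frameAncestors !== undefined) {
    directives['frame-ancestors'] = options.frameAncestors; // override sources
  }
  return {
    'Content-Security-Policy': buildCsp(directives),
    // "0" disables the legacy browser XSS auditor, which is the only safe
    // setting; "1; mode=block" is kept only if a caller insists on it.
    'X-XSS-Protection':
      options.xssProtection === undefined ? '0' : String(options.xssProtection),
  };
}

// Example usage with the defaults:
const defaults = securityHeaders();
console.log(defaults['Content-Security-Policy']); // default-src 'self'; frame-ancestors 'self'
console.log(defaults['X-XSS-Protection']);        // 0
```

`frameAncestors: false` removes the directive for pages that genuinely need to be framed cross-origin; passing an array (for example `["'self'", 'https://embed.example']`) replaces the source list instead. Keeping the insecure values opt-in, rather than opt-out, is the point of the two issues.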

**Describe the bug** The installation instructions say to do this (Using Go v13+): go get github.com/insidersec/insider/cmd/insider **To Reproduce** When I do, this is what happens: MYDIR % go version go...

bug
help wanted

Lots of tools generate .json results files. Can you add some metadata to your .json results files that includes data like: - Toolname - Tool version - Scan start time...

enhancement

ASHTMLSerializer extends org.apache.xml.serialize.HTMLSerializer, which is deprecated. "Deprecated. This class was deprecated in Xerces 2.6.2. It is recommended that new applications use JAXP's Transformation API for XML (TrAX) for serializing HTML....