Chad Bentz
Build reading packages from Klondike is throwing the error: > The feed 'xxxx' lists package 'yyyy' but multiple attempts to download the nupkg have failed. The feed is either invalid...
## Pre-requisites - [ ] Prior to submitting a new workflow, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner). --- ### **Please note that at this time we...
[Compiled Guide](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/compiled-languages.md)
- [Java](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/compiled-languages-java.md)
- [C#](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/compiled-languages-csharp.md)
- [CPP](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/compiled-languages-cpp.md)

[Interpreted Guide](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/interpreted-languages.md)
- [python](https://github.com/advanced-security/advanced-security-material/blob/6ed0e2758e50c72a26d59b4d2f5625ebad9bdb5d/troubleshooting/codeql-builds/interpreted-languages-python.md)
View rendered mermaid [here](https://github.com/securingdev/codeql/blob/5636c599957f7a976bcc03fe4135b70dd293f77c/CVE-2022-22965/README.md)
### Why: Clarifies that secret scanning push protection is covered by configuration in secret_scanning.yml ### What's being changed (if available, include any code snippets, screenshots, or gifs): - `",...
tfsec starter workflow bump to latest version v0.1.4 of action - report of the action failing due to comment in file, moving to latest version resolves ## Pre-requisites - [...
This pull request updates the version of the `pmd/pmd-github-action` GitHub action used in the `code-scanning/pmd.yml` file, replacing the old version with a new one. No other changes are made to...
See: [Use LibMan with ASP.NET Core in Visual Studio](https://learn.microsoft.com/en-us/aspnet/core/client-side/libman/libman-vs?view=aspnetcore-7.0#manually-configure-libman-manifest-file-entries) Repos using this are not normally configured with a package manifest other than libman.json. The dependencies are then vendored/installed in target...
When reporting out blocking vulnerable packages, it can be hard to know why a vulnerability might have been excluded from the policy. By default, we do not fail/alert on vulnerable...
Using `retry-on-snapshot-warnings` for a submission from a different workflow [as described in the docs](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#using-github-actions-to-access-the-dependency-submission-api-and-the-dependency-review-api). If the snapshot upload completes during the phase where the review task is waiting for an...