Gal Ofri @ Legit Security

Results: 3 issues by Gal Ofri @ Legit Security

### TL;DR Prepare a GitHub action for easy integration of legitify as a periodic scanner to keep organizations/repositories secure. ### Detailed design ```markdown This could be implemented as: 1. Workflow...

enhancement

### TL;DR As the remediation steps suggest, many policies can be fixed automatically. Introduce a new command to apply these fixes. ### Detailed design ```markdown - Support for receiving the...

enhancement

As demonstrated in this [blog post](https://www.legitsecurity.com/blog/why-you-can-still-get-hacked-even-after-signing-your-software-artifacts), signing and verifying container images using tags is insecure. The blog post demonstrates the issue using cosign, but the same principles apply using Notary....

Stale