hpvd
Latest security analysis shows - a stunning step in reducing the number of included vulnerabilities (minus 85%!) - v2.9.4 with pulsar 2.9.3 **1024 vulnerabilities (698 fixable) have been detected in...
- on the other hand - the number of fixable vulnerabilities with a severity of CRITICAL has risen from 1 to 4 (plus 300%!)  
- very old fixable and already reported vulnerabilities (up to 9 years old) are still included in the pulsar image: edit: just opened a separate issue for this: https://github.com/apache/pulsar/issues/18338
Here you can find a blog post with the announcement of the availability of automatic code scanning for security: https://github.blog/2020-09-30-code-scanning-is-now-available/
A new GitHub feature which may also lead to some kind of "security routine" when merging pull requests was presented at GitHub Universe 2020: "Dependency Review". From the announcement: >...
These points could possibly be classified as "low-hanging fruits" in the field of security (at least if they work as expected and there are not too many false positive findings...
As a last point on this topic: it may also be interesting to give GitHub's "super linter" a try and let it check the whole project on every release or...
Many thanks @alexku7 for describing your findings and view in detail, including the concrete consequence. Imho this is not only an obstacle for "highly secured production environment" but for a...
-> Could there be better advertising for Pulsar's awesome quality than being used directly by people and companies working in highly secured fields?? :-)
Of course we have also seen the major work in the fields of security and code quality in the past months (probably going **live in v2.8**), like - enabling spotbugs...