Roberto Polli
## I expect pom.xml to check dependencies for vulnerabilities.
## I expect
- to get warnings when using a sourcecode type not listed in https://www.rfc-editor.org/materials/sourcecode-types.txt
## Notes
- where is the best place to put this check?
## This PR
- adds informative OWASP dependency checks in CI
## Note
You can enforce validation output and block deployment when insecure deps are found.
**User story**
As a [developer], I want to [check the security of dependencies] so that [the software is more secure].
**Additional context**
Run org.owasp:dependency-check-maven:check
## Enhancement
- Suggest using FQDN images (e.g., docker.io/, ghcr.io/) to avoid name collisions when using local repos.
# Discussion
I found this very interesting PoV https://pythonspeed.com/articles/security-updates-in-docker/ that made it into Hadolint rules. I suggest replacing the `no update` rule with a `no dist-upgrade` rule. See https://github.com/hadolint/hadolint/issues/562
Latest release introduces x-example.
# I expect processing ``` ... cnr - Z6HZEH - STLab Istituto di Scienze e Tecnologie della Cognizione del CNR - Semantic Technology Lab (STLab) ... ``` ## Instead ```...
### Current Behavior
I was not able to find the documentation to reset the admin password.
### Proposed Behavior
Document how to generate a ManagedPassword. If you are interested I...
## Description False positive on CKV_OPENAPI_3: "Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files" ## When I process The following OAS3 securityScheme ```...