Josh Bressers
I agree the existing flags aren't ideal, but I think reusing one of them would create a horrible transition. I think it would make more sense to create two new...
@wagoodman Do you have the credentials for ArtifactHub?
@vargenau Do you know how tern accomplishes this?
> In case it helps, https://github.com/tern-tools/tern/blob/main/tern/analyze/default/dockerfile/run.py

That process looks very heavy and error prone. I think it would make more sense given the state of all tooling to just build...
These are great questions, @wagoodman. My knee-jerk reaction to this was "why wouldn't it!" But upon further thought, I'm less certain. Today Syft is functionally a tool for taking...
I found a goreleaser bug that should cover this case https://github.com/goreleaser/goreleaser/issues/3219 A workaround I use when developing on Debian is to comment out all the arm64 bits in the goreleaser...
A decent writeup of this can be found here https://isc.sans.edu/diary/28678
Here's the details I could dig up on the ctx issue https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002521.json
Here's some details on the phpass issue https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002522.json
I'm in the process of turning advisories into json using the OSSF wg-vulnerability-disclosures schema as the starting point https://github.com/ossf/wg-vulnerability-disclosures/blob/main/src/schema/vulnerability.schema.json The current version semantics in that schema are nightmarish so I...