Niklas

icon indicating an email [email protected]

icon location Kiel, Germany icon location "I have no idea why this works. You better don't touch it."

Results 838 comments of Niklas

Add CVSS score for GHSA vulnerabilites

Thanks for reporting @WDN2010. I am relabeling this as defect, because we already parse this info from GHSA. Perhaps the fields or the way they are populated in their GraphQL...

Add CVSS score for GHSA vulnerabilites

@msymons For the time being, they'll simply be tracked as two separate vulnerabilities, each with their own scoring. That's why we track aliases separately, instead of simply merging multiple vulnerabilities...

Dependency-Track NVD API mirroring for Dependency-Check

It might be best that DT adopts to working with the cache created by [`vulnz`](https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz), which is what DC is already doing or [will be doing](https://github.com/jeremylong/DependencyCheck/issues/6277#issuecomment-1851883652). That way you could...

Dependency-Track NVD API mirroring for Dependency-Check

For those not following the linked DependencyCheck thread, what we'll do on the DT side is to provide an **optional** feature which can be used to *emulate* the NVD's REST...

Group Sync with Azure AD via graph.windows.net does not seem to work anymore.

To me this part seems off: > ``` > "_claim_names": { > "groups": "src1" > }, > ``` The `groups` claim should be on the root level of the JSON...

Dependency-Track NVD API mirroring for Dependency-Check

@Kretikus Does it ever complete successfully? There should be a log line stating: > Mirroring of CVEs completed in Unfortunately due to the way the API was designed, we cannot...

Group Sync with Azure AD via graph.windows.net does not seem to work anymore.

Changelogs are [here](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt), but nothing obvious between those versions that could cause this behavior. Found [this](https://stackoverflow.com/a/55464397) regarding the `_claim_names` claim: > The claim you're getting back as part of json...

Group Sync with Azure AD via graph.windows.net does not seem to work anymore.

In the current OIDC logic we don't handle any non-standard cases. In order to resolve this issue with Azure AD, we'd need to have extra logic in the [profile creation](https://github.com/stevespringett/Alpine/blob/157958bfe7fa5ad95e653667f7ce3282aed23af1/alpine-server/src/main/java/alpine/server/auth/OidcAuthenticationService.java#L127)...

Dependency-Track NVD API mirroring for Dependency-Check

The NVD setting should not require a restart. The decision of which source to use is happening dynamically at runtime. ... but I think change of schedule does, because tasks...

Dependency-Track NVD API mirroring for Dependency-Check

An official update has been posted here: https://groups.google.com/a/list.nist.gov/g/nvd-news/c/aofnAd3HP2g > Due to feedback received from many different downstream data consumer groups after our previous reminder, **we will again be extending the...