Tim Ellison
FYI, running the tool on some workflows will result in, for [example](https://github.com/adoptium/website-v2/blob/main/.github/workflows/auto-merge.yml), ``` KnownIssue-7: Action adoptium/.github/.github/workflows/pr-auto-merge.yml@main is a reusable workflow. Reusable workflows are not supported as of now. ``` Just...
@gdams, since we don't know how long it will take to get a fix for https://github.com/step-security/secure-workflows/issues/1087 and https://github.com/EclipseFdn/projects-bots-api/issues/14 I'm tempted to use the tool to find the hashes and 'manually'...
> @gdams, @tellison, and @karianna, you should have access to it using your GitHub account.

FYI I'm seeing access forbidden at the moment and am authenticating with my GitHub account.
> Sorry about that, there was an issue in setting up the access. When you get a chance, can you please try again?

That works now, thanks
I'm also seeing this same error when attempting to sign our SBOM. See discussion at: https://github.com/adoptium/temurin-build/issues/3158
Hi @coderpatros, I have tried it from the [cli docker image](https://github.com/CycloneDX/cyclonedx-cli/blob/main/Dockerfile) where I assume that the dependencies are correct, and get the same outcome. ``` $ docker run -v...
IMHO we shouldn't be pursuing the approach of parsing the OpenJDK webpage depiction of vulnerabilities, but rather approach the OpenJDK Vulnerability Group (OJVG) with a request for them to publish...
Thinking about this again, and after a discussion with a few people here, I propose we create a Vulnerability Disclosure Report (as described above) for Temurin. The VDR would cover...
A first pass of an example Temurin VDR entry. Trying to blend the [CycloneDX 1.5 schema](https://cyclonedx.org/docs/1.5/json/) with the information returned by NVD ([example](https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-25193)) and OpenJDK disclosures ([example](https://openjdk.org/groups/vulnerability/advisories/2023-07-18)) that is likely...
See also https://github.com/adoptium/temurin-build/issues/3127