Tim Dittler

Results 18 comments of Tim Dittler

Thanks for this interesting project and your feedback on this issue. It would be more helpful to me to enhance with a list of known-good instead of known-bad dependencies. E.g....

I'm using a `jq` filter to this end. Integrated would be better, but it gets the job done.

> I'd like to ignore some of the vulnerabilities same way as specifying .trivyignore does.
> Could this be somehow passed to action?

Just add a `.trivyignore` to your GITHUB_WORKSPACE...

I did some new tests today.

* 11:05 activate plugin with `SecRequestBodyAccess off` & `SecResponseBodyAccess off`
* 13:35 remove `SecRequestBodyAccess off`

![Screenshot from 2023-12-08 15-02-56](https://github.com/corazawaf/coraza-proxy-wasm/assets/93928360/b4146f03-b49e-4214-a8f2-ef9560994778)

So it looks kind of...

The WAF is attached to the ingress gateway of a kubernetes cluster in the public internet. Therefore, it's really hard to determine what kind of traffic it gets. There is...

They slowed the leakage down, but not enough to be usable in our scenario.

Thanks for your comment @sverdlov93. I tried many different things. Right now, I believe something is off with my image creation process. I'll investigate and re-open this ticket if...

I dug a bit deeper and came up with the example above. It's actually not about GH Actions vs. Workstation. I really don't know what's the problem. But `jf scan`...

This is the beginning of the log of the second run with `jf scan`:

```
2022-08-11T14:50:30.0059600Z ##[group]Run jf scan ./image2.tar
2022-08-11T14:50:30.0059915Z jf scan ./image2.tar
2022-08-11T14:50:30.0113850Z shell: /usr/bin/bash -e {0}
2022-08-11T14:50:30.0114118Z env:...
```