Tom Fay
Tom Fay
If RUSTC_WRAPPER is present then cargo-kcov fails to detect test executables, because the "Running `rustc`" match fails
Embedding package information into binaries can enable SCA tools and scanners to detect dependencies and check them for vulnerabilities, without needing a separate mechanism to transfer an SBOM. 1. golang...
It's not clear whether optional fields in manifests and descriptors can be null. By extension, it's also not clear whether or not the canonicalized form of a manifest should omit...
Azure for Operators have many small teams producing Linux container images and sharing them with other teams. We want the consuming teams to be registering the components from those container...
In Azure for Operators there are many projects that manage development dependencies separately from runtime dependencies, e.g: - we have projects of many languages that use Python for functional verification...
I've updated the LinuxComponent to include the source package name where possible. Why? Many Linux distributions (debian/alpine/mariner) publish CVE data against source package names only, so this is required for...
This occurs when the string is nested and more than one level deep, e.g it occurs for {"a": {"b": "[c-d]"}} but not {"b": "[c-d]"} I'd expect the string "{\"a\": {\"b\":...
### How are you running Renovate? Self-hosted ### If you're self-hosting Renovate, tell us what version of Renovate you run. 34.100.1 ### If you're self-hosting Renovate, select which platform you...
cargo allows features to be a comma or space separated string. This crate only allows features to be space separated. (I tried fixing myself, but it's not obvious to me...
Treat *.k8s.io registries like *.gcr.io, as the k8s registries are backed by GCR, and affected by the same q value handling bug.