- Updated May 24, 2020 - Go
security-automation
Here are 251 public repositories matching this topic...
Exploiter selector should have these additional features:
- Filter by type. There should be keywords/buttons like "brute force", "vulnerability", "unsafe", "all" that would enable/disable corresponding exploiters.
- Exploiter description. Upon clicking on an exploiter, the user should see a short description of it with CVE if it has one.
This feature should be an extension of [list selection reac
Multiple wiki issues.
Typos
- https://github.com/infobyte/faraday/wiki/Executive-Report#using-markdown-on-a-report: -lenguage +language
Bad links
- https://github.com/infobyte/faraday/wiki/Executive-Report#requirements: https://github.com/infobyte/faraday/wiki/first-steps, the endpoint first-steps doesn't exist anymore.
Images
- Updated May 24, 2020 - Python
Documentation
I would like to see documentation for using Astra with most popular authentication/token methods. So much work but just one page of documentation. Please update this so it gets more widely used and more feedback on the product this way. Thanks
I'm just starting out in using DefectDojo, and am a bit confused on what the Tool Type and Tool Configuration sections inside Configuration are. I know that documentation is something DefectDojo prides itself on, and I greatly appreciate the breadth of it... but I can't seem to find this documented anywhere.
Description of problem:
I have never written SCAP content before, and am looking at how to get started. I would like to write SCAP content to test compliance on Photon OS against DISA SRGs. I have been all over the wiki pages, but I am still not sure how to get started. The main page makes it look super easy for writing OVAL and XCCDF files using YAML, but I am not sure where to build those
Any good docs on the code structure on how to add new providers there? Code is slightly convoluted and it's quite hard to see what changes are required to add one - ideally, they'd be plugin-like structure bundled in one dir, aren't they yet?
- Updated May 24, 2020 - Python
- Updated Feb 11, 2020 - Python
Description
Customers have unique requirements for alarming, specifically with respect to log processing.
As a customer, I would like to know how to configure alarms on log processing volume.
Acceptance Criteria
- Document in operations doc page how to add alarms on log processing with examples
https://docs.dependencytrack.org/integrations/badges/
Current Behavior:
You need to hardcode the version (or UUID - which changes by version (!)) in the URL for the badge - it would be more convenient to have a URL for the latest version.
Proposed Behavior:
Just point at name and get semver latest version (or latest scanned version) - this way the url can be stable in READMEs etc.
- Updated May 24, 2020 - Shell
- Updated Apr 29, 2020 - Python
- Updated Dec 9, 2017 - Ruby
Just getting my bearings in the FACT code and perhaps I'm misinterpreting something but I'm wondering if common_helper_files is equivalent to helperFiles and also if get_dir_of_file() is equivalent to get_directory_of_current_file() in fileSystem? If so, I gather that the former are to be deprecated? If so, this should be documented.
The plugin template is well documented in its basics but metho
- Updated Aug 1, 2018 - Python
- Updated Sep 7, 2018
Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).
- Updated Apr 17, 2020 - Python
- Updated Jan 17, 2019 - Python
Describe the bug
Workers need to await a coroutine in order to run in parallel.
To Reproduce
I created a demo to illustrate what I am talking about: https://github.com/ytreister/stoq/tree/workers_in_parallel/demo
You can run scan.py, which shows the following:
All workers await a coroutine: (This is what I want it to do)
2020-04-19 19:53:19 DEBUG stoq:core.py:scan_request
- Updated May 7, 2020 - Go
- Updated Apr 13, 2020
Seems that InnoSetup is included by default in AppVeyor to create the Windows installer. We should use it and automatically add it to our release. Some links:
- Updated Feb 15, 2020 - Python
As of this Pull Request, if Gitleaks takes longer than 5 minutes to finish it will timeout and end the analysis saying it took too long to complete.
In order to still be able to provide developers with the full output of the tool, it would be great to have some instructions in huskyCI's documentation on
Hi,
I am using docker-compose in Windows 7.
The postgres, rabbitmq and django application services build, but the nginx service has an error!
nginx:
  volumes:
    - ./nginx_docker.conf:/etc/nginx/conf.d/default.conf
In this part "nginx_docker.conf" is not a directory and I have the error "not a directory" when running the "docker-compose up" command.
What is your solution for my problem?
Summary
(I tested this for G201 but inspected the code for G202 and believe it has the same issue.)
G201 will detect SQL string formatting when I have
fmt.Sprintf("SELECT * FROM TEST UNION %s", "SELECT * FROM test")
in my code. However, it will not detect when I have
fmt.Sprintf("select * from test union %s", "select * from test")
in my code. I believe this is a bug. See: https://g