vulnerabilities

Here are 274 public repositories matching this topic...

jessehouwing commented Feb 21, 2020
  • node -v: v13.3.0
  • npm -v: 6.13.1
  • snyk -v: 1.294.1
  • OS: (e.g. OSX, Linux, Windows, ...) windows
  • Command run: (e.g. snyk test --all-projects, snyk protect, ...)
snyk test --all-projects

Expected behaviour

For each project snyk will use the snyk policy file in the project directory, not the one in the current working directory. Or, even better, snyk combines th

UlisesGascon commented Aug 5, 2019

Context

  • This is part of release-1.5 #148
  • Context from #82
  • Critical task

Tasks

  • Upgrade dependencies to secure latest versions in package.json
  • Validate the installation with the local test
  • Add and submit the changes in package-lock.json
  • Add the primary dependency list to the readme.md
  • Check that the npm tasks are working as expected
  • [
zhill commented Feb 19, 2020

Currently, engine does not support matching vulnerabilities against the busybox "package" itself. Detected applications are scanned (npm, python, java, etc), but because there aren't os packages as with Centos, Deb, etc there is no "os package" vuln scanning support.

The solution is to add a virtual package to the anchore analysis for the busybox binary itself, which anchore already detects as

nvisium-john-poulin commented Feb 21, 2018

The test responds with a URL that is missing. We either need to create the page, or change this to link back to the old tutorial if nothing changed from a functional standpoint between R4/R5.

rspec ./spec/vulnerabilities/mass_assignment_spec.rb:12 # mass assignment attack one
rspec ./spec/vulnerabilities/mass_assignment_spec.rb:26 # mass assignment attack two, Tutorial: https://github.com
grempe commented Nov 4, 2016

As requested, I am pointing to a comment you solicited regarding some improvements I would suggest for dawnscanner. The improvements are:

  • Document all scans that are performed, grouping them by type of scan and detailing what they scan
  • Consider not using a centralized scan directory at the top level of the user home dir
  • Document the scan results DB and dir structure

For original com
