devsecops

Currently, Trivy traverses all paths and looks for all Gemfile.lock in a container image. However, the image sometimes has only Gemfile.lock and doesn't install gems listed in the Gemfile.lock. I think a gem should have *.gemspec file if it is installed. e.g. rake.gemspec has the information about rake.

To avoid false positives from Gemfile.lock, we are probably able to take advantage of `*

Hello,

Do you plan to support Terraform scans with OpenStack in the future ?

Regards

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

Current Behavior:

When viewing vulns in the Audit Vulnerabilities tab. the Analysis column appears to contain code (enum?) names, e.g. NOT_SET, FALSE_POSITIVE. This problem also occurs in Policy Violations tab.

Steps to Reproduce:

Open the Audit Vulnerabilities tab.

Expected Behavior:

The Analysis column contains language specific analysis values, e.g. Not Set, False Positive

https://github.com/HXSecurity/DongTai-agent-java/blob/95e0f01f2b0141e1d3671bc005c2b0786e0d5e05/iast-agent/src/main/java/com/secnium/iast/agent/manager/EngineManager.java#L78

As developers of the securecCodeBox we want to release new scanner versions more frequently.
To enable us to update more frequently we need some kind of notification for the new scanner version.

One possible solution could be that GitHub provides Atom feeds for releases of repositories.
See: https://www.ronaldsvilcins.com/2020/03/26/rss-feeds-for-your-github-releases-tags-and-activity/
A Pro

Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.

#21 516.9 > keytar@7.6.0 install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9 
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64

devsecops

Here are 303 public repositories matching this topic...

MobSF / Mobile-Security-Framework-MobSF

aquasecurity / trivy

aquasecurity / tfsec

infobyte / faraday

bridgecrewio / checkov

devsecops / awesome-devsecops

bunkerity / bunkerized-nginx

accurics / terrascan

baidu / openrasp

ajinabraham / nodejsscan

DefectDojo / django-DefectDojo

archerysec / archerysec

madhuakula / kubernetes-goat

DependencyTrack / dependency-track

Current Behavior:

Steps to Reproduce:

Expected Behavior:

ajinabraham / CMSScan

gravitl / netmaker

GitGuardian / ggshield

guardrailsio / awesome-php-security

octarinesec / kube-scan

bridgecrewio / terragoat

deepfence / ThreatMapper

HXSecurity / DongTai-agent-java

OWASP / glue

hysnsec / awesome-threat-modelling

dowjones / hammer

secureCodeBox / secureCodeBox

security-prince / Application-Security-Engineer-Interview-Questions

jturgasen / my-links

ztosec / hunter

ShiftLeftSecurity / sast-scan

Improve this page

Add this topic to your repo