Comments (8)
Hi all, thanks for opening this issue! And wow that is a lot of 👍 interest!
We have opened an issue internally to look into this and see what we would need to do to support it.
from advisory-database.
We had a good meeting with @taladrane and part of her team today. I have some homework to pull together various things about how Perl modules work and so on so GitHub can see how that would fit into their workflow. This is progressing satisfactorily, and neither side is making any promises about anything. We're a long way from actual support, but I'm very happy that I even got the meeting and that they had lots of good questions. :)
@KateCatlin @taladrane Hi! I'm one of the members of the CPAN Security Group (@CPAN-Security), and I'd like to support the initiative by @briandfoy to add Perl as an environment in your advisory database.
Some of our goals are to help triage vulnerabilities with the Perl and CPAN community, secure the CPAN supply chain and help with the development of security-related tooling. You can find more information about our efforts on https://security.metacpan.org/ or contact us on [email protected]
This looks like the same request for C/C++ in #2963 and #3266.
Fully support this
Thanks for offering, Brian! We'd love to have this conversation!
I'm actually going to pass this over to @taladrane who is the leader of our Advisory Database Curation team, the team that would be most involved in taking on a new ecosystem to support. I'll let you two follow up and connect from here!
I support this!
@KateCatlin - I didn't see another way to get in touch with you, but as one of the people who maintains some of the Perl tools that do security audits for Perl projects, I'd be happy to talk to you about how the Perl community could help the GitHub Advisory Database. I'm happy to help as a volunteer in any way that I can be useful. If you want to take it offline, my email is on https://briandfoy.github.io .
For example, I maintain the CPAN Security Advisory, which is a secondary source of information that collates a bunch of different sources for our tools. Currently I'm adding the GitHub Advisory ID to anything we are tracking. As part of that, I've collected a bunch of information on affected versions, fixed versions, and a few other things for Perl advisories. It's something I've been doing for a while. There are a lot of people that help, so we have a lot of information that can improve the GitHub reports.