Comments (1)
I think it would be beneficial to the current security vulnerability universe to do this. It should be acknowledged that this is not technically correct behavior, but it would help solve a very real problem in the short term.
The technically correct behavior is for various SBOM and vulnerability scanners to correctly reach inside a webjar and report the NPM findings as NPM findings, not as java findings.
However, this is not how many of the current scanners work. They will probably get there someday, but the space is still too new and there are other larger rocks to move first.
I believe this is one of those instances where doing something that isn't technically correct, but solves an existing problem makes sense.
from advisory-database.
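The "technically correct" behavior the comment describes, reaching inside a webjar and reporting its contents under the npm ecosystem rather than as a Java artifact, can be sketched as follows. This is an added example, not code from the advisory-database project or from the commenter. It assumes the WebJars jar layout (Maven coordinates in `META-INF/maven/<groupId>/<artifactId>/pom.properties`, front-end files under `META-INF/resources/webjars/<name>/<version>/`), the `org.webjars.npm` group for automatically repackaged npm packages, and the `scope__name` artifactId encoding for scoped packages; every package name and version in it is constructed sample data.

```python
"""Report a webjar's contents as an npm package, not a Java artifact.

Added example; not code from the advisory-database project or the commenter.
Assumes the WebJars jar layout: Maven coordinates in
META-INF/maven/<groupId>/<artifactId>/pom.properties and front-end files under
META-INF/resources/webjars/<name>/<version>/. All package names and versions
below are constructed sample data.
"""
import io
import json
import zipfile
from urllib.parse import quote

# Group IDs WebJars uses for automatically repackaged packages. The classic
# org.webjars group holds hand-built jars whose artifactId need not equal an
# npm name, so it is left out on purpose and falls through as plain Maven.
GROUP_TO_ECOSYSTEM = {"org.webjars.npm": "npm", "org.webjars.bower": "bower"}


def build_sample_webjar(group, artifact, version, npm_name=None):
    """Construct an in-memory jar mimicking the WebJars layout (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                    f"groupId={group}\nartifactId={artifact}\nversion={version}\n")
        base = f"META-INF/resources/webjars/{artifact}/{version}/"
        zf.writestr(base + "index.js", "// front-end code goes here\n")
        if npm_name is not None:  # WebJars usually keeps the upstream manifest
            zf.writestr(base + "package.json",
                        json.dumps({"name": npm_name, "version": version}))
    return buf.getvalue()


def read_pom_properties(zf):
    """Return the first pom.properties in the jar as a dict, or None."""
    for entry in zf.namelist():
        if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
            props = {}
            for line in zf.read(entry).decode("utf-8").splitlines():
                if "=" in line and not line.startswith("#"):
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            return props
    return None


def read_package_json(zf):
    """Return the upstream package.json embedded in the jar, if any."""
    for entry in zf.namelist():
        if entry.startswith("META-INF/resources/webjars/") and entry.endswith("/package.json"):
            try:
                return json.loads(zf.read(entry).decode("utf-8"))
            except ValueError:
                return None
    return None


def npm_name_from_artifact(artifact_id):
    """Undo the WebJars scope encoding (assumed convention: scope__name)."""
    if "__" in artifact_id:
        scope, name = artifact_id.split("__", 1)
        return f"@{scope}/{name}"
    return artifact_id


def npm_purl(name, version):
    """PURL for an npm package; the '@' of a scope must be percent-encoded."""
    return f"pkg:npm/{quote(name, safe='/')}@{version}"


def classify_webjar(jar_bytes):
    """Return the Maven identity and, for npm webjars, the npm identity too."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        props = read_pom_properties(zf)
        if props is None:
            return None
        group, artifact, version = props["groupId"], props["artifactId"], props["version"]
        result = {
            "ecosystem": "maven",
            "maven_purl": f"pkg:maven/{group}/{artifact}@{version}",
            "npm_purl": None,
        }
        if GROUP_TO_ECOSYSTEM.get(group) != "npm":
            return result
        name = npm_name_from_artifact(artifact)
        pkg = read_package_json(zf)
        if pkg:  # the embedded manifest is authoritative when present
            name = pkg.get("name", name)
            version = pkg.get("version", version)
        result["ecosystem"] = "npm"
        result["npm_purl"] = npm_purl(name, version)
        return result


if __name__ == "__main__":
    for jar in (
        build_sample_webjar("org.webjars.npm", "example-widget", "1.2.3", "example-widget"),
        build_sample_webjar("org.webjars.npm", "acme__widget", "2.0.0"),
        build_sample_webjar("org.webjars", "classic-widget", "0.9.0"),
    ):
        print(classify_webjar(jar))
```

A scanner that keys its lookup on `npm_purl` when it is present, and on `maven_purl` otherwise, matches npm advisories for the first two jars and Maven advisories for the third; the classic `org.webjars` group is deliberately not mapped, because its artifactIds are hand-chosen and a wrong npm mapping would produce false findings.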