Greg Mohler
Adding an outdated `[email protected]` and a vulnerable call to `yaml.load()` to demo the `Vulnerable Calls` tag in Dependabot Alerts
When a user who's NOT on the `SECURITY_ALERT_CLOSE_TEAM` bypasses push protection for [a reason that results in a closed alert](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/push-protection-for-repositories-and-organizations#about-push-protection-for-repositories-and-organizations), the alert is not reopened by the app.
# Context

Many organizations' security teams are outnumbered by developers, sometimes as drastically as a 1:100 ratio. Also, different organizations have different risk appetites when it comes to dismissing security...
The SARIF spec allows for a `properties` field ([Property bag object](https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127639)) within any object in the spec. For GitHub Code Scanning specifically, if a `properties` array is added to each...
This pull request includes changes to the `variant-analysis-workflow.yml` file to make the workflow runner dynamic across all jobs, instead of just one of the jobs, for organizations that only use...