Alexis Mousset issues

Results 57 issues of


                                            Alexis Mousset

Add a command to synchronize advisory data from osv.dev/GHSA

Result in https://github.com/rustsec/advisory-db/pull/1379. Refs: https://github.com/rustsec/rustsec/issues/644

Allow using different licenses for advisories

As discussed on Zulip previously, adding the ability to provide a specific license and attribution for advisories would be useful, especially to allow importing advisories from Github Security Database (under...

advisory-db

Fixes #23356: Add PoC SBOM tooling

https://issues.rudder.io/issues/23356

WIP

Fixes #23626: Add a "package" module

https://issues.rudder.io/issues/23626

Fixes #21898: Add diff support to resources

https://issues.rudder.io/issues/21898

WIP

Fixes #23806: Add Amazon Linux in the technique editor conditions

https://issues.rudder.io/issues/23806

Fixes #23208: Add a warning in the logs when using local auth with non-bcrypt passwords

https://issues.rudder.io/issues/23208 * Remove the ability to use the fallback admin account with a clear text password in config * Add a warn log when local users use an unsafe storage

Fixes #22666: Update docker scripts for 7.2

https://issues.rudder.io/issues/22666

Investigate downstream advisory usage

As discussed in https://github.com/rustsec/advisory-db/pull/1738#issuecomment-1684483582, issuing an `informational="notice"` advisory would cause alerts similar to actual vulnerabilities in some cases, which is undesirable and prevents using this type of advisory in some...

Import missing advisories from GitHub advisories

Currently 92 missing advisories: * [ ] 2021-09-01: https://github.com/advisories/GHSA-hw4v-5x4h-c3xm for ["frontier"] * [ ] 2021-09-20: https://github.com/advisories/GHSA-mc22-5q92-8v85 for ["tremor-script"] * [ ] 2021-09-23: https://github.com/advisories/GHSA-xpwj-7v8q-mcgj for ["deno"] * [ ] 2021-10-12: https://github.com/advisories/GHSA-3r3g-g73x-g593...