Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.
Extremely useful when running the tool without halting a pipeline for example.
I currently use a workaround, but something more concrete would be very desira
What would you like to be added:
Currently we are defining our own Docker client interface on docker package, which is basically a copy and paste of the methods that we use from [Docker client](https://pkg.go.dev/github.com/dock
Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.
#21 516.9 > keytar@7.6.0 install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64
Scan the docker network for open ports and vulnerable services.
Add a description, image, and links to the sast topic page so that developers can more easily learn about it.
To associate your repository with the sast topic, visit your repo's landing page and select "manage topics."
Describe the bug
Update on Homebrew-core job is failing during release https://github.com/returntocorp/semgrep/runs/4889454978?check_suite_focus=true
This is because https://github.com/returntocorp/semgrep/blob/develop/.github/workflows/release.yml#L320 has hardcoded the version of python that is running and github action is no longer running 3.9.9 but is running 3.9.10
We should dynami