sast

Please support the XDG Base Directory Specification on Linux/*nix systems.

Right now semgrep puts its config file under ~/.semgrep/, the correct location should be $XDG_CONFIG_HOME/semgrep/ with a fallback to ~/.config/semgrep/.

It doesn't need to be perfect at first, but moving semgrep files from the `

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

What happened:
Horusec reports that this code:

Code .addContentType("application/x-www-form-urlencoded")

as: Basic authentication's only means of obfuscation is Base64 encoding. Since Base64 encoding is easily recognized and reversed, it offers only the thinnest veil of protection to your users, and should not be used.

Maybe I'm wrong but, why is this a base64 securit

Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.

#21 516.9 > [email protected] install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9 
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64

Scan the docker network for open ports and vulnerable services.

I expect

The modal window to be a bit larger (eg. .modal-content, .modal-header:{ 750px;} ?). See

cc: @Fupete