Score of 3
0 answers
86 views

I used to start scanning OpenAPI via Nuclei 3.4.10: nuclei -l openapi.json -im openapi -c 50 -bulk-size 50 -rate-limit 200 -sresp While scanning Nuclei is using required_openapi_params.yaml variables ...
Score of 0
0 answers
163 views

I’m using OWASP Dependency-Track and I’d like to suppress certain vulnerabilities project-wise automatically. Right now, the only approach I know is to mark each finding as “Suppressed” manually in ...
Score of 0
0 answers
168 views

I’m running into a problem exposing a PostgreSQL database through a Cloudflare Tunnel, and I’m hoping someone with deeper Cloudflare Zero Trust/WARP experience can help me understand what’s going on. ...
Score of 0
1 answer
99 views

I’m an intern working in DevSecOps. Our repo uses branches: test, dev, preprod, prod. I’ve set up scans (SAST, container scan, DAST) triggered from the test branch. But the dev team often pushes ...
Score of 1
1 answer
554 views

I am new to Dependency Track and I managed to configure it and set it up with a SecOps pipeline. I have a few Node JS test projects configured in Dependency Track which show vulnerabilities but the ...
Score of 0
1 answer
247 views

I am working on an Angular application deployed on Firebase Hosting. I want to keep my sensitive API keys and tokens secure without exposing them in environment.ts, environment.prod.ts, etc. files. I ...
Score of 1
1 answer
108 views

Trying to create a rule in Google SecOps (Chronicle) to detect that an unknown user and/or an unknown IP has successfully logged into a server. If a known user logs in from an unknown IP, that should ...
Score of 0
0 answers
132 views

I created a custom python script to run tests against my k8s cluster components - configmaps, secrets and roles (RBAC). Next I defined a custom executor for python to execute the test. This is as ...
Score of 0
1 answer
121 views

Is there a good way to prevent defender for cloud recommendations/warnings before doing changes? Defender for DevOps usually deals with SAST scanning on repos, but the warnings I'm interested in ...
Score of 0
1 answer
494 views

Wanted to ask a question about Snyk cli container monitor of docker image. So we got a docker image for example reponame/image_name:image_tag. We are monitoring this image from cli like snyk container ...
Score of -1
1 answer
226 views

I am trying to add a custom scan report for report type "container_scanning" with the goal of displaying the results inside the merge request. The Container image will be scanned using trivy....
Score of 0
0 answers
92 views

Need advice on DevSecOps best practices for building a CI/CD pipeline using GitHub Actions and Terraform to deploy on ACR on Azure. Tried to search and found only high-level practices. If there is an ...
Score of 1
2 answers
2032 views

I added my github projects to snyk.io portal to check vulnerabilities. Sadly, snyk is only checking files ending with the .json, .yml, .txt etc. It's not checking vulnerabilities in typescript, js, ...
Score of 0
1 answer
132 views

How does Fortify calculate the estimated remediation effort score? On page 129 of this document, the product manual says what the score is and what it means, but it does not provide any clue on how ...
Score of 1
0 answers
540 views

How can I host a /.well-known/security.txt file in Webflow? I tried to set up a 301 redirect from /.well-known/security.txt to another path, but I get the error: Invalid .well-known request Does ...
