Replies: 1 comment
-
GitHub Action falls behind with Enterprise Level Security enhancement; this is something good to put into the roadmap for sure!
-
The version of `git-lfs` in Ubuntu 20 uses `git-lfs/2.9.2 (GitHub; linux arm64; go 1.13.5)`. This version of golang is old and has quite a few known vulnerabilities causing our security scanning to fail.

Ubuntu 22 is better but is using `go 1.18.1` which also has a fair number of vulnerabilities.

The good news is that without `git-lfs` the scan results look good.

Any thoughts here? Ubuntu 23 solves many of these issues: `git-lfs/3.4.0 (GitHub; linux arm64; go 1.20.7)`. Is Ubuntu 23 on the roadmap?