From 1bfd33671ab34f806bb1a489596fec38940d1930 Mon Sep 17 00:00:00 2001 From: Mark Fussell Date: Fri, 21 Jun 2024 21:03:23 -0700 Subject: [PATCH] Update daprdocs/content/en/operations/support/support-security-issues.md Signed-off-by: Mark Fussell --- .../content/en/operations/support/support-security-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/operations/support/support-security-issues.md b/daprdocs/content/en/operations/support/support-security-issues.md index 8929d96af..58a700d37 100644 --- a/daprdocs/content/en/operations/support/support-security-issues.md +++ b/daprdocs/content/en/operations/support/support-security-issues.md @@ -31,7 +31,7 @@ scanning tool **unless** work has specifically been done to confirm that a vulne reported by the tool _actually exists_ in Dapr, including the CLI, Dapr SDKs, the components-contrib repo, or any other repo under the Dapr org. -We make use of these tools ourselves and try to act on the output they produce; they +We make use of these tools ourselves and try to act on the output they produce. can be useful! We tend to find, however, that when these reports are sent to our security mailing list they almost always represent false positives, since these tools tend to check for the presence of a library without considering how the library is used in context.