Update daprdocs/content/en/operations/support/support-security-issues.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>
Mark Fussell 2024-06-21 21:03:23 -07:00 committed by GitHub
parent 4b711d2e2c
commit 1bfd33671a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions

@ -31,7 +31,7 @@ scanning tool **unless** work has specifically been done to confirm that a vulne
reported by the tool _actually exists_ in Dapr, including the CLI, Dapr SDKs, the components-contrib repo, reported by the tool _actually exists_ in Dapr, including the CLI, Dapr SDKs, the components-contrib repo,
or any other repo under the Dapr org. or any other repo under the Dapr org.
We make use of these tools ourselves and try to act on the output they produce; they We make use of these tools ourselves and try to act on the output they produce.
can be useful! We tend to find, however, that when these reports are sent to our security can be useful! We tend to find, however, that when these reports are sent to our security
mailing list they almost always represent false positives, since these tools tend to check mailing list they almost always represent false positives, since these tools tend to check
for the presence of a library without considering how the library is used in context. for the presence of a library without considering how the library is used in context.
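Review bot: Replacing "produce; they" with "produce." on the changed line leaves the next, unchanged line starting with "can be useful!", which is now a sentence fragment with no subject. Either keep the original "; they" so the clause reads "they can be useful!", or end the sentence and restore the subject, for example "produce. They can be useful!", so the paragraph still says that the scanning tools themselves are useful before explaining why reports sent to the security mailing list are usually false positives.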