The scanner component of the devguard project

devguard-scanner

feature-upload-vex

change-user-id-by-detected-events

803-normalize---ref-and---defaultref-paramter

update-ticket-scannerids-label

Hubtrick-Git-patch-1

wrong-link-in-devguard-attest-action

522-add-config-file-endpoints-to-asset-project-and-organization

add-scannerids-label

fix/valid-sboms

fix/handling-empty-slice-components

535-add-information-about-the-amount-of-vulnerabilities-with-known-exploits-to-the-dashboard

add-secrets-option-to-asset

fix/get-org-by-firstparty-vulnID

0.12.3

0.10.0 365-multiple-instances-of-the-same-cve-in-an-asset

282-whole-system-crash-when-sending-empty-gitlab-string

ticket-handling

fix/do-update-colums-by-conflict

779-fix-severity-grades-dashboard-filter

678-overhaul-the-looks-of-a-ticket-generated-by-devguard

feature/code-coverage-report

fix/raw-riskassessment-values

291-fix-asset-version-name-in-events

710-add-docs-link-to-created-tickets

update-vuln-badge-by-zero-values

0.12.2 sarif-endpoint-new

delete-not-active-asset-verions

fix/ticket-id/url-naming

main

739-devguard-creates-merge-requests-with-invalid-dates

310-server-stuck-in-loop-when-updating-an-organization-name-to-an-empty-name

vuln-report

fix/remove-test-json

0.8.3 363-dependency-graph-endpoint

add/integrations-tests

add-asset-events-endpoint

fix/slug-generation

fix-bugs

fix/risk-recalculated-time

0.9.1 admin-token

ci-updates

fix/nil-old-risk-assessment

565-add-webhook_secret-column-to-assets

fix/risks-search

fix/defaultbranch-tag

fix/create-assetversion-bug

611-add-language-column-to-organization---we-might-need-to-translate-created-github-and-gitlab-tickets

249-devguard-scanner-should-panic-if-error-occurs

258-unable-to-create-organization-with-an-existing-name

277-install-gitleaks-and-semgrep-in-dockerfilescanner

fix-nil-pointer

check-admin-token-first

fix/policy-association

0.8.2 HEAD

update-badge-api

test-branch

360-devguard-scanner-link-is-incorrect

fix-clientfactory

328-add-attestations-to-each-asset-version

364-add-dependency-graph-to-github-and-gitlab-tickets-using-mermaidjs

chore/terms

790-feature-request-upload-vex

add/search-function-to-projectslist

629-add-last-scan-information-to-asset-version-dto

feature/rego-eval

0.9.0 274-handleevent-crashes-with-first-party-vulnerabilities-in-githubgitlab-integration

361-unknown-created-the-ticket

777-error-message-that-an-account-with-the-e-mail-address-already-existss

298-fix-gitlab-webhook-integration

325-rename-certain-things-to-make-them-more-clear

troubleshooting-sast

linting-standard

feature/sbom-command

0.12.0 glitchtip-soft-errors

fix/event-query

add-api-url

fix-lint

idea/simplifies-interfaces

262-remove-projects

distroless

fix/nil-pointer-deps-comp

fix/badge

558-scan-daemon-scans-asset-versions-from-deleted-assets

614-only-project-members-should-be-able-to-handle-tickets

768-add-addtional-infos-to-vex

fix/default-scanner-id-tag

feautre/jira-integration

fix/metadata-nil

fix/needed-scope

879-remove-link-from-code-risk-result-print---add-link-beneath-to-all-code-risks

524-scanner_id-is-still-used-in-the-new-loadpathtocomponent-function

fix/list-projects-with-the-saved-slug

269-improve-auto-setup-use-dynamic-api-and-webhook-urls-for-gitlab-integration

Devguard-Pipeline

Badge API Documentation

Badge API

Badge API Programm ZenDiS

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

DevGuard Operator

Devguard Postgresql

devguard-documentation

 Devguard-Pipeline

devguard-web

devguard

devguard-action

Devguard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

David Luhmer

Refaei Shikho

Frédéric Noppe

refoo0

timbastin

seb-kw

Frederic-Kenji

devguard-bot-dev[bot]

L3montree Cybersecurity

The documentation for the DevGuard Project

This is a scan for Devguard CI/CD components in a GitLab project, aimed at testing whether these components function correctly.

Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

/Devguard
Group
/devguard-scanner
Repository

CVE-2025-22866

Add a comment

Affected component

Quick Fix