TLP: Clear - The repository of the DevGuard Web Project

👩‍💻 DevGuard Web

0.13.3 960-add-artifact-filters

add-sca-and-container-scanning-to-integrationsnippet

455-in-app-footer-should-be-displayed-always-on-bottom-of-screen

599-zoom-image-when-clicking-on-it

resize-opencode-logo

add-mechanical-justification

492-add-make-visible-button-to-password-inputs

improvement/webhook-modal

chore/improve-onboarding-steps

0.13.4 545-Scanner-badge-should-not-break-lines-but-include-hoverable-tooltip-about-fullname

0.13.10 improve-organization-dropdown-component

fix/EntityProviderLinkBanner

0.11.1 add-secrets-option-to-asset

567-Display-the-password-policy-on-the-registration-page2

repository-search-is-not-working-anymore

fix/no-user-error

add/jira-integration-option-to-settings

0.12.3 remove-org-badge-by-external-entity

898-Inconsistent-link-and-unlink-naming

485-onboarding-done-button-doesn't-do-anything

feature/sast

0.13.6 813-exporting-sboms-does-not-work

add-InputWithButton-component

654-two-scores-cognitive-dissonance

feature/webhook-events

deleting-a-project-results-in-404

fix-manual-sarif-upload

881-temp-mobile-devguard-screen

843-rename-code-risk-handling-to-code-risks-and-dependency-risk-handling-to-dependency-risks

0.13.9 594-reveal-button-is-bugged-if-the-user-is-using-pwned-password

fix/markdown-rendering

ory-touch-up

improved-onboarding

compliance-risks

472-Wrong-color-for-checkmark-should-be-black-like-fixed-state

update-scanner-badge

feature/sbom-report

chore/improve-user-org-settings

auto-setup-option-is-missing-for-connected-gitlab-repo

undefined-organizationSlug-in-EntityProviderImage

feature/genrate-pdfs

fix-member-inivation-message

chore/improve-login-registration

656-improve-action-in-risk-handling

fix/pat-list

fix/reduce-error-track-infos

0.13.0 fix/capitalization-opencode-sign-in-button

fix/gitlab-pipeline

0.13.7 add/webhook-management-section

467-only-display-licenses-with-more-that-0%-of-the-packages

remove-unused-files

756-threejs-devguard-badge-is-blocking-onboarding-flow

0.12.1 fix/risks-search

702-change-button-text-to-black

988-ticket-creation-dialog-needs-to-be-different-for-external-entity-provider-projects

chore/custom-404

add-jira-icon-in-repo-select

add/search-function-to-projectslist

0.12.0 fix/webhook-section

847-setup-flow-done-button-does-not-close-modal-states-pipeline-failed-even-if-i-did-not-integrated-anything

901-Increase-display-time-for-toasts-a-bit

fix/org-creation-error

886-org-creation-name-input-is-not-selectable-on-left-side-part

578-sbom-upload-button-is-finder-if-not-nothing-is-selected-yet

resize-opencode-log

fix/loading-button-after-create-subproject

777-error-message-that-an-account-with-the-e-mail-address-already-exists

chore/error-tracking

fix-branch-tag-component

598-concept-for-registration-workflow

638-appbar-make-text-white

660-license-combobox-overwrite

190-dependency-table-dialog-with-graph

708-if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

update-deps

0.13.2 feautre/jira-integration

0.13.11 fix/issue-810

845-change-toast-position-to-top-screen-middle-shadcn-sonner

fix-settings-crash-when-refreshing

838-add-basic-risk-handling-information-sharing-inside-org

847-setup-flow-done-button-does-not-close-modal

pdf-download

0.13.5 update-badge-api

project-member-edit-should-be-more-logical

577-add-fingerprint-icon-to-visualise-difference-in-Sign-in-With-Passkey

rerender-badge-when-new-license-is-selected

main

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

🗄️ Devguard Postgresql

DevGuard Operator

devguard-scanner

🧩 DevGuard CI-Components

💡 DevGuard

🧩 DevGuard Action

📚 DevGuard Documentation

🛡️ DevGuard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

David Luhmer

Refaei Shikho

Frédéric Noppe

refoo0

timbastin

seb-kw

Frederic-Kenji

Hubtrick-Git

L3montree Cybersecurity

TLP: Clear - The repository for the customized DevGuard Postgresql

 TLP: Clear - Devguard GitLab CI/CD Components

TLP: Clear - The main repository - contains the API, the devguard-scanner CLI and the Helm-Chart

TLP: Clear - DevGuard GitHub Reusable Workflows

TLP: Clear - The documentation for the DevGuard Project

TLP: Clear - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Webhook which sends notification into our matrix chat

Matrix Error-Tracking

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expression named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individual users do not directly depend on `@babel/helpers`, and instead depend on `@babel/core` (which itself depends on `@babel/helpers`). Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees use of a new enough `@babel/helpers` version. Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available.

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

	Package	Max Risk	Max CVSS	Vulnerability Count	Installed Version	Action
	@babel/runtime	LOW (3.6)	MEDIUM (6.2)	1	7.22.5	Update to version 7.26.10 to reduce total risk by 3.6
	prismjs	LOW (1.4)	MEDIUM (4.9)	1	1.27.0	Update to version 1.30.0 to reduce total risk by 1.4

/🛡️ DevGuard
Group
/👩‍💻 DevGuard Web
Repository

Identified Risks