List Perl as an environment #3536
Comments
Fully support this
I support this!
Hi all, thanks for opening this issue! And wow that is a lot of 👍 interest! We have opened an issue internally to look into this and see what we would need to do to support it.
@KateCatlin - I didn't see another way to get in touch with you, but as one of the people who maintains some of the Perl tools that do security audits for Perl projects, I'd be happy to talk to you about how the Perl community could help the GitHub Advisory Database. I'm happy to help as a volunteer in any way that I can be useful. If you want to take it offline, my email is on https://briandfoy.github.io. For example, I maintain the CPAN Security Advisory, which is a secondary source of information that collates a bunch of different sources for our tools. Currently I'm adding the GitHub Advisory ID to anything we are tracking. As part of that, I've collected a bunch of information on affected versions, fixed versions, and a few other things for Perl advisories. It's something I've been doing for a while. There are a lot of people that help, so we have a lot of information that can improve the GitHub reports.
Thanks for offering, Brian! We'd love to have this conversation! I'm actually going to pass this over to @taladrane who is the leader of our Advisory Database Curation team, the team that would be most involved in taking on a new ecosystem to support. I'll let you two follow up and connect from here!
@KateCatlin @taladrane Hi! I'm one of the members of the CPAN Security Group (@CPAN-Security), and I'd like to support the initiative by @briandfoy to add Perl as an environment in your advisory database. Some of our goals are to help triage vulnerabilities with the Perl and CPAN community, secure the CPAN supply chain and help with the development of security-related tooling. You can find more information about our efforts on https://security.metacpan.org/ or contact us on [email protected]
We had a good meeting with @taladrane and part of her team today. I have some homework to pull together various things about how Perl modules work and so on so GitHub can see how that would fit into their workflow. This is progressing satisfactorily, and neither side is making any promises about anything. We're a long way from actual support, but I'm very happy that I even got the meeting and that they had lots of good questions. :)
I'd like to improve several reports related to the Perl language and ecosystem. I cannot submit the form because the improvement form has the ecosystem as a required field, and there is no entry for "Other" or some such.
I suggest some combination of these: