Dependencies¶
Software Bill of Material¶
Weblate comes with a Software Bill of Material (SBOM) in the source core as
docs/specs/sbom/sbom.json using the CycloneDX format. This can be used to review
the dependencies for security issues or license compliance.
Отслеживание зависимостей для реагирования на уязвимости¶
Security issues in our dependencies are monitored using Renovate. This covers the Python and JavaScript libraries, and the latest stable release has its dependencies updated to avoid vulnerabilities.
Подсказка
В сторонних библиотеках могут быть присутствовать уязвимости, которые не влияют на работу Weblate, поэтому они не решаются выпуском исправленных версий Weblate.
Безопасность Docker-контейнера¶
The Docker containers are scanned for security vulnerabilities in our CI. This allows us to detect vulnerabilities early and release improvements quickly.
You can get the results of these scans at GitHub — they are stored as artifacts on our CI as SARIF.
См. также