依賴項¶
Software Bill of Material¶
Weblate publishes a Software Bill of Material (SBOM) using the CycloneDX
format for released versions. The SBOM is available as a versioned
weblate-<version>-sbom.cdx.json file in the GitHub release assets and
is also attached to the release provenance using GitHub artifact attestations.
This can be used to review the dependencies for security issues or license
compliance.
Tracking dependencies for vulnerabilities¶
Security issues in our dependencies are monitored using Renovate. This covers the Python and JavaScript libraries, and the latest stable release has its dependencies updated to avoid vulnerabilities.
提示
在第三方庫中可能存在漏洞,不會影響WebLate,因此不會通過釋放釋放的WebLate的錯誤文件來解決這些內容。
Docker 容器安全¶
The Docker containers are scanned for security vulnerabilities in our CI. This allows us to detect vulnerabilities early and release improvements quickly.
You can get the results of these scans at GitHub — they are stored as artifacts on our CI as SARIF.