安全和隐私
小技巧
在 Weblate,安全维持着一个重视用户隐私的环境。
Weblate 的开发符合 Linux 基金会发起的核心基础设施计划最佳实践。
参见
Tracking dependencies for vulnerabilities
Security issues in our dependencies are monitored using Dependabot. This covers the Python and JavaScript libraries, and the latest stable release has its dependencies updated to avoid vulnerabilities.
提示
There might be vulnerabilities in third-party libraries which do not affect Weblate, so those are not addressed by releasing bugfix versions of Weblate.
Docker 容器安全
The Docker containers are regularly scanned using Anchore and Trivy security scanners.
This allows us to detect vulnerabilities early and release improvements quickly.
You can get the results of these scans at GitHub — they are stored as artifacts on our CI in the SARIF format (Static Analysis Results Interchange Format).
参见