Patrick Schratz
@pat-dev.bsky.social
devops, data science.
ansible, golang, R
#automateallthethings
Personal: https://pat-s.me
Business: https://devxy.io
ansible, golang, R
#automateallthethings
Personal: https://pat-s.me
Business: https://devxy.io
If you want a closer "pages" like feeling have a look at statichost.eu - can be easily coupled with webhook triggers in git repos.
GDPR-compliant European static site hosting - statichost.eu
Modern static site hosting with European servers and absolutely no personal data collection! Just add your git repository, and we'll take care of the rest.
statichost.eu
August 13, 2025 at 5:44 AM
If you want a closer "pages" like feeling have a look at statichost.eu - can be easily coupled with webhook triggers in git repos.
Meanwhile got some advice which includes
go version -m
and
govulncheck -mode=binary -show verbose <binary>
that perfectly verify and do what I was searching for.
Confirmed the findings of Trivy & MS Defender
go version -m
and
govulncheck -mode=binary -show verbose <binary>
that perfectly verify and do what I was searching for.
Confirmed the findings of Trivy & MS Defender
August 11, 2025 at 1:00 PM
Meanwhile got some advice which includes
go version -m
and
govulncheck -mode=binary -show verbose <binary>
that perfectly verify and do what I was searching for.
Confirmed the findings of Trivy & MS Defender
go version -m
and
govulncheck -mode=binary -show verbose <binary>
that perfectly verify and do what I was searching for.
Confirmed the findings of Trivy & MS Defender
Are trivy and MS Defender known for false-positives in such cases?
I am in a weird spot where multiple scanners flag (multiple) binaries, the company says "nothing there, error on your (scanner) side" and I need to report to the sec team with 2:1 scanners in favor of the vuln being present.
I am in a weird spot where multiple scanners flag (multiple) binaries, the company says "nothing there, error on your (scanner) side" and I need to report to the sec team with 2:1 scanners in favor of the vuln being present.
August 11, 2025 at 7:25 AM
Are trivy and MS Defender known for false-positives in such cases?
I am in a weird spot where multiple scanners flag (multiple) binaries, the company says "nothing there, error on your (scanner) side" and I need to report to the sec team with 2:1 scanners in favor of the vuln being present.
I am in a weird spot where multiple scanners flag (multiple) binaries, the company says "nothing there, error on your (scanner) side" and I need to report to the sec team with 2:1 scanners in favor of the vuln being present.
They are not willing to share their go.mod file to verify they are not using package version XY in them.
I am somewhat skeptical about this argument. What are my best chances to find a verifiable proof to this (other than attempting to exploit the vuln?)
I am somewhat skeptical about this argument. What are my best chances to find a verifiable proof to this (other than attempting to exploit the vuln?)
August 11, 2025 at 7:25 AM
They are not willing to share their go.mod file to verify they are not using package version XY in them.
I am somewhat skeptical about this argument. What are my best chances to find a verifiable proof to this (other than attempting to exploit the vuln?)
I am somewhat skeptical about this argument. What are my best chances to find a verifiable proof to this (other than attempting to exploit the vuln?)
Highlights ✨️:
- Non-admin users can now see all instance agents in a fully redesigned agent list view
- Docs now contain a feature comparison list to #woodpeckerci (www.crowci.dev/3.7/index.ht...)
- Scrolling to selected pipelines steps now works for shared links
- Support for dynamic page titles
- Non-admin users can now see all instance agents in a fully redesigned agent list view
- Docs now contain a feature comparison list to #woodpeckerci (www.crowci.dev/3.7/index.ht...)
- Scrolling to selected pipelines steps now works for shared links
- Support for dynamic page titles
June 15, 2025 at 2:14 PM
Highlights ✨️:
- Non-admin users can now see all instance agents in a fully redesigned agent list view
- Docs now contain a feature comparison list to #woodpeckerci (www.crowci.dev/3.7/index.ht...)
- Scrolling to selected pipelines steps now works for shared links
- Support for dynamic page titles
- Non-admin users can now see all instance agents in a fully redesigned agent list view
- Docs now contain a feature comparison list to #woodpeckerci (www.crowci.dev/3.7/index.ht...)
- Scrolling to selected pipelines steps now works for shared links
- Support for dynamic page titles
Sure, everyone is welcome
May 28, 2025 at 12:18 AM
Sure, everyone is welcome
Also to avoid confusion and point out some organizational differences, it might be better to have a distinct TLD.
Sometimes it is time for change. Maybe we arrived at such a moment ;)
Sometimes it is time for change. Maybe we arrived at such a moment ;)
May 21, 2025 at 3:43 PM
Also to avoid confusion and point out some organizational differences, it might be better to have a distinct TLD.
Sometimes it is time for change. Maybe we arrived at such a moment ;)
Sometimes it is time for change. Maybe we arrived at such a moment ;)
The suffix is fixed anyhow by install.packages(), it is only about the TLD.
r-project.org is not in scope for the TLD as CRAN is not interested in the project (and probably sees it as competition?). I asked them some time ago to possibly collaborate, specifically for the Alpine binaries.
r-project.org is not in scope for the TLD as CRAN is not interested in the project (and probably sees it as competition?). I asked them some time ago to possibly collaborate, specifically for the Alpine binaries.
May 21, 2025 at 3:43 PM
The suffix is fixed anyhow by install.packages(), it is only about the TLD.
r-project.org is not in scope for the TLD as CRAN is not interested in the project (and probably sees it as competition?). I asked them some time ago to possibly collaborate, specifically for the Alpine binaries.
r-project.org is not in scope for the TLD as CRAN is not interested in the project (and probably sees it as competition?). I asked them some time ago to possibly collaborate, specifically for the Alpine binaries.
Only public repos, no profit-related projects.
Due to some other (related) philosophies, such as not using any cloud service and self-hosting hardware, uptime and service availability has not always been great in the past.
And in general, it's always good having multiple alternatives ;)
Due to some other (related) philosophies, such as not using any cloud service and self-hosting hardware, uptime and service availability has not always been great in the past.
And in general, it's always good having multiple alternatives ;)
April 14, 2025 at 5:09 PM
Only public repos, no profit-related projects.
Due to some other (related) philosophies, such as not using any cloud service and self-hosting hardware, uptime and service availability has not always been great in the past.
And in general, it's always good having multiple alternatives ;)
Due to some other (related) philosophies, such as not using any cloud service and self-hosting hardware, uptime and service availability has not always been great in the past.
And in general, it's always good having multiple alternatives ;)
Why #rstats? It should concern any language.
I personally have some projects on Codeberg.
I am also currently working on a public Forgejo-based platform, which will also be open for companies (as CBs ToS are very strict). Beta will be available soon.
I personally have some projects on Codeberg.
I am also currently working on a public Forgejo-based platform, which will also be open for companies (as CBs ToS are very strict). Beta will be available soon.
April 14, 2025 at 4:51 PM
Why #rstats? It should concern any language.
I personally have some projects on Codeberg.
I am also currently working on a public Forgejo-based platform, which will also be open for companies (as CBs ToS are very strict). Beta will be available soon.
I personally have some projects on Codeberg.
I am also currently working on a public Forgejo-based platform, which will also be open for companies (as CBs ToS are very strict). Beta will be available soon.