Hacker News: varunsharma07's comments

An independent security researcher, on August 31st, 2024, demonstrated a successful supply chain attack on Azure Karpenter Provider, an open-source project maintained by Microsoft. A vulnerable GitHub Actions workflow led to this attack. The researcher successfully exploited the vulnerability and gained access to the workflow's GITHUB_TOKEN, which had "id-token: write" permission to the repository.


You can browse the pull requests created by the top 50 of the 500 open-source projects that have benefited from the platform at app.stepsecurity.io/securerepo/trending.


Can tests be created automatically based on captured API traffic? Also, I have heard a bit about Nuclei, but have not read about it in detail: https://nuclei.projectdiscovery.io/templating-guide/. How does this compare with your solution?


Hey! Yes, tests can automatically be created based on the API traffic Metlo captures. That's also the main difference between Metlo and Nuclei… we autogenerate tests based on the API schemas discovered for common vulns. You can also customize test generation using our templates!


Please see if you can add options for the feelings. It is easier to decide on a feeling when you see a list of options. It will also make aggregating easier.


Interesting. I have felt the need for this before. Do you also support authenticator app codes? I believe authenticator apps are recommended relative to SMS.


I don't currently have authenticator codes, but they can be easily added. Would you like to try out that feature?


I am hesitant about sharing QR codes etc., with a 3rd party. I assume I would have to share the QR code with you, right?


Are there other similar libraries for Azure Functions for other languages?


Haven't seen any yet (but also haven't searched extensively). What languages would you be interested in (.Net, Node, Java)? Would be interesting to port the library to other languages as well.


I was curious if this is missing across languages or just in Python.


Hm, afaik this is by design since Azure Functions should provide you freedom to do whatever you want based on the input (which is not necessarily an HTTP request). So this is a helper library that focuses on implementing some of the common things you would want to do (and focused on HTTP Azure Functions at that). So based on that, my assumption is that the situation will be similar in other languages.


Nice! This brought back memories of a car game I had coded in C in MS-DOS while in college.


It first asked me to log in and said I had no credits and needed to purchase them. So I could not try it. I don't know if this fits into Show HN. I suggest having a free tier where people can at least try it.


Suggestion: Please add a license and fill out the About section in the GitHub repo.


Done!


Nice! Can you add the https://hntoast.com URL to this post in the URL section? I had to copy-paste it.


I think I can't do that now.


no worries

