Code Scanning Alert (high): Wasm binary files are directly stored in source code repo

There are several high-sev alerts related to Wasm binary files being stored directly in the source code repository.

E.g. https://github.com/containerd/runwasi/security/code-scanning/1, https://github.com/containerd/runwasi/security/code-scanning/2, https://github.com/containerd/runwasi/security/code-scanning/3, and https://github.com/containerd/runwasi/security/code-scanning/4

How to Remedy This Issue:

1. Implement a build-from-source approach. For example, for `hello_wasi_http_csharp.wasm` file, we can store only the C# source code and have a script to compile it to the Wasm file for testing. 
2. Consider adding .wasm files to `.gitignore` to prevent accidental commits in the future


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Code Scanning Alert (high): Wasm binary files are directly stored in source code repo #912

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Code Scanning Alert (high): Wasm binary files are directly stored in source code repo #912

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions