1. Critical Security Gap: pip-audit CI Pipeline Silently Suppresses 6 Active CVEs Without Tracking or Remediation Timeline
A high-severity security configuration gap has been identified in the organization's CI pipeline, where pip-audit—the dependency vulnerability scanning tool—is configured to ignore six known Common Vulnerabilities and Exposures without any associated tracking issue or remediation deadline. The ignored CVEs include CVE-...