1. Rune Security Pipeline Flaw: Feature Branches Silently Bypass Critical CVE Gates
A critical security control failure has been exposed within the Rune project's CI/CD pipeline. The automated `security-sbom` job, which scans for software vulnerabilities, contains logic that deliberately suppresses failures for Critical and High-severity CVEs on feature branches. This design flaw allows developers to ...