1. GitHub Workflow Flaw: OpenVEX Security Artifacts Contain Placeholder CVE, Misleading Downstream Consumers
A critical discrepancy in a GitHub repository's security automation undermines the integrity of its software supply chain. The project's SECURITY.md file claims it generates OpenVEX artifacts—machine-readable security advisories—during its release workflow. However, the actual artifact shipped is a static template cont...