I’m trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?
The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?
Comment on GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider 🐈⬛🔒
corsicanguppy@lemmy.ca 19 hours ago
This thing looks great but it has layers of supply-chain sploit risk. Make sure you’re really secure before trying it – and if you’re (otherwise) iso27002 compliant, give it a pass.
fluckx@lemmy.world 16 hours ago
notquitenothing@sh.itjust.works 17 hours ago
I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.