Dapr september 2023 security audit report
recommendations on how Dapr can ensure the quality and integrity of its own supply-chain via its dependency tree. 1 CVE-2023-37475 2 Dapr security audit 2023 Results summarised 7 security issues found All maxprocs.Set() rt, err := runtime.FromFlags(os.Args[1:]) if err != nil { 2 https://github.com/dapr/dapr/tree/ddd11bcc07ddf61bf5edd835a4b621a3ef1d395a/cmd/daprd 7 Dapr security audit 2023 log.Fatal(err) } dependencies. An attacker can commit malicious PRs to a library in Component-contribs dependency tree or perform a dependency confusion attack - which is a manoeuvre where an attacker takes over a library
0 points | 47 pages | 1.05 MB | 1 year ago

Dapr june 2023 fuzzing audit report
FuzzDecodeMetadata Tests the decoding routine which handles metadata across the Dapr Components-Contrib source tree. Issues found by fuzzers The fuzzers found three issues during the time of the audit itself. One
0 points | 19 pages | 690.59 KB | 1 year ago

2 results in total