-
Hi,
We receive these messages, which appear to be related to Maven packages loaded by the scanning tool. Is this expected? How should we deal with these, as they are blocking our pipelines?
-
The `affected` array can contain `cpes`, but these are not associated with a version, version range, or status.
Consider this snippet of https://cveawg.mitre.org/api/cve/CVE-2024-0229:
```json
…
```
-
**What happened**:
When using `--by-cve` the same CVE is reported twice. Once with FIXED-IN data, and once without.
**What you expected to happen**:
I expect the same CVE to be reported just …
-
The following images are showing them vulnerable to CVE-2021-46848 for 6.2.8. Please provide a resolution.
1. cp-kafka-connect
2. cp-kafka
3. cp-zookeeper
4. cp-schema-registry
`trivy image co…
-
### Describe what should be investigated or refactored
We should start to test out the new `uds scan` command as a part of our release process for each application package.
### Links to any rele…
-
The scorecard is giving us a lower score because it claims we have OSV vulnerabilities:
A sampling:
```
Warn: Project is vulnerable to: RUSTSEC-2021-0139
Warn: Project is vulnerable to: RUSTSE…
```
-
https://nvd.nist.gov/vuln/detail/CVE-2022-25881
http-cache-semantics package should upgrade from 4.1.0 to 4.1.1
-
### What happened?
The latest version 3.220.5 has vulnerabilities due to the NodeJS and dotNet versions
dotNet vulnerability (upgrade .NET Runtime to 6.0.16 or higher):
Summary:.net dll hijacki…
-
The following image is vulnerable to CVE-2022-1471. Please provide a resolution:
`trivy image confluentinc/cp-kafka-connect:6.2.9 | grep CVE-2022-1471
2023-03-27T15:21:43.502-0400 INFO Vulnerabili…
-
### What did you do?
We have installed prometheus in our cluster, and recent security scan found the image: quay.io/prometheus/prometheus:v2.44.0 contains several security vulns.
1. grype quay.io/…