-
The CRI API has a field on images `Pinned`.
This will be used for images like `pause` and should be used as as a filter for image removal.
ref: https://github.com/containerd/containerd/pull/6456
-
We are using .Net 6.0 based Azure function Images and we have found multiple vulnerabilities in the base images during our aqua scanner scanning. These have not been addressed for more than a month no…
-
**What happened**:
Scanning an eclipse-temurin java image for CVEs, while using the `--only-fixed` flag, results in Java CVEs being suppressed forever. This is apparently caused by a lack of FIXED-…
-
the CPE for the jenkins git plugin says the package is "git" instead of "git-jenkins-plugin" or similar. The solution would be parsing/heuristics for the vendor, though we don't really get that inform…
-
Hello,
while scanning our webmail site (running latest RainLoop), we found some vulnerabilities.
Updating relevant Javascript libraries should solve most of them: do you have this planned for an upc…
-
I previously reported this behavior in https://github.com/goharbor/harbor/issues/15406, but the issue was close for being stale.
I'm sorry to say that the issue is still present under v2.9.0 (below…
-
We set a `Github Code Scanning` workflow according to this:
```
name: build
on:
push:
branches:
- master
pull_request:
jobs:
build:
name: Build
runs-on: ubuntu-20.…
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/29
-
**What happened**:
Many official docker images (provided by https://github.com/docker-library) are derived from buildpack-deps, which includes a large number of build-related packages, like gcc, git,…
-
Using your test data I see the following:
```
$ bomber scan bomber.spdx.json
██▄ ▄▀▄ █▄ ▄█ ██▄ ██▀ █▀▄
█▄█ ▀▄▀ █ ▀ █ █▄█ █▄▄ █▀▄
DKFM - DevOps Kung Fu Mafia
https://github.com/devops-kung-…