-
Hi,
there is at least one CVE around, which requires the attacker to have write access to the configuration. Now I saw another one and kind of lost track of it.
Not sure, but if it's not a single CVE …
-
## Description
I tried scanning container image [18fgsa/s3-resource:latest](https://hub.docker.com/r/18fgsa/s3-resource) (a publicly available container image) with trivy and got total 93 unique (d…
-
**What happened**:
On alpine I need:
- libcrypto3, libssl3 (3.1.4-r6)
- tomcat 9.0.87 with tomcat-native 1.2.33-r0 (taken from 3.16 repo) because tomcat-native 2.x is only supported since tomcat…
-
An automated security scan of 18.1.0-rc2 complained about the following dependencies:
* llvm/utils/git/requirements.txt
* gitpython==3.1.32 [CVE-2023-40590](http://web.nvd.nist.gov/view/vuln/det…
-
Hello, I am unsure if this is the right place to report this, but there are some known high & medium vulnerabilities in the latest publicly available build of the `neuron-device-plugin` container foun…
-
# Please add notifications about staged (CLM) channels that need to be synced to distribute (security) patches
We are using content lifecycle management and would like to know which upstream channe…
heiwu updated
6 months ago
-
### Is your feature request related to a problem? Please describe.
`zot` has support for OCI artifacts (v1.1.0) and when a SBOM is pushed, we can leverage the SBOM scanning ability from trivy to do:
…
-
\[Description and comments are copied over from the Trello ticket found here: https://trello.com/c/EVzy1zE7/263-add-trivy-vuln-scanning-to-concourse-docker-containers \]
The plan is to create a pip…
-
Hi,
While scanning for unpatched (or 1-day) vulnerabilities in popular open source libraries, I found the following 2 unpatched vulnerabilities in `opensolaris_crc32.c` and `inftrees.c`:
`CVE id…
-
Hi, thank you for developing SCAPinoculars, this is very useful!
I would like to suggest an additional type of report for vulnerabilities (oval), in addition to compliance (xccdf) reports.
http…