-
As mentioned in the weekly gsoc meeting:
Right now, we don't know that much about our users except when they file issues, since cve-bin-tool has no telemetry of any sort. I'm not super interested…
-
### Describe what should be investigated or refactored
We should add continuous scanning of image dependencies in UDS Software Factory package repositories to check for both CVEs and license changes.…
-
Hello Rundeck Team,
We have detected the vulnerability CVE-2023-44487 in the current version of Rundeck (v5.4.0) that we are using. This vulnerability has been flagged by our security scanning tool…
-
## Summary
Checking the result of Trivy scan, there is a CRITICAL CVE and a dependency should be updated.
## Steps to reproduce
When running a trivy scan on latest concourse image, it reporte…
-
The following images are showing as vulnerable to CVE-2022-47629 for 6.2.8. Please provide a resolution.
cp-kafka-connect
cp-kafka
cp-zookeeper
cp-schema-registry
trivy image 323640293338.dk…
-
Hi. Thank you for distributing such a great tool.
I checked out this post and did some testing on a few projects.
- https://osv.dev/blog/posts/introducing-broad-c-c++-support/
However, I di…
-
### Are you certain it's a bug?
- [X] Yes, it looks like a bug
### Is the issue caused by a plugin?
- [X] It is not a plugin issue
### Are you using the latest v3 release?
- [X] Yes, I'…
-
Having images that are scanned for vulnerabilities provides more confidence for users wanting to run or adopt our demo images
One approach I've used in the past is to post to quay.io (in addition t…
-
As part of our image scanning we found that the latest JsPolicy (0.2.2) has several unaddressed CVEs
CVE ID: CVE-2023-26604,CVE-2023-50387
Vulnerabilities in libudev1
CVE-2023-42282 ([MITRE](ht…
-
### What happened?
This is CVE-2024-8986, it's being flagged by our security scanning tools, and has been for a long while now. When is this dependency due to be updated and a version containing the …