-
Trivy informed us about these critical issues for the current externa-auth-server docker image:
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
https://nvd.nist.gov/vuln/detail/CVE-2024-27307
htt…
-
Hi Guys,
I have reconfigured an existing container registry as an air-gap environment; the Harbor version is 2.8.4 and the trivy adaptor version is 0.44. After reconfiguring the air-gap environment I noticed trivy ada…
-
Would it be possible to bump path-to-regexp to a more recent version that contains the fixes for CVE-2024-45296? The current dependency on 2.4.0 is causing our application to be flagged by our custome…
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
Right now the CI is set up such that every successful build of the Docker image will be pushed to ghcr.
But this is very risky, as I am not scanning for CVEs. Nor do I have image scanning open on my Doc…
-
Leverage bill of materials that lagoon generates.
Run in AWX?
Surface results in a report.
-
Hi, when scanning alpine 3.19 and 3.20 images, Stackrox (ACS) is unable to retrieve the OS CVE data:
![image](https://github.com/user-attachments/assets/971ade72-65b1-4963-a9b9-16360110c19e)
![i…
-
My issue seems to be similar to this [previous one](https://github.com/microsoft/sarif-sdk/issues/2694).
I am using the [trivy open source security scanner](https://github.com/aquasecurity/trivy-ac…
-
### Describe what should be investigated or refactored
We should add continuous scanning of image dependencies in UDS Software Factory package repositories to check for both CVEs and license changes.…
-
### Description
It seems that sometimes when cve-bin-tool detects the location/filepath of a dependency, it provides the path where that dependency is locally installed in the environment rather th…