-
**What steps did you take and what happened:**
**1.** `docker pull ghcr.io/aquasecurity/trivy-operator:0.22.0`
**2.** `trivy image ghcr.io/aquasecurity/trivy-operator:0.22.0 --severity CRITICAL`…
-
Hello,
During a recent security scan, we identified multiple vulnerabilities related to OpenSSL in the MicroK8s Core20 snaps. These vulnerabilities are still present and have not been addressed in …
-
## Expected Behavior
This project currently uses go 1.20 which is EOL and unsupported, see https://go.dev/doc/devel/release. It also has security vulnerabilities which scanners such as Trivy repor…
-
**The CVE ID**
Two CVEs originating from GHSAs are affected by the same underlying issue:
- [CVE-2024-38356][CVE-2024-38356] / [GHSA-9hcv-j9pv-qmph][GHSA-9hcv-j9pv-qmph]
- [CVE-2024-38357][CVE-…
-
grype is reporting the installed consul version as v0.0.0, regardless of the actual version installed
Tested with a docker image which has consul v1.17.3 installed:
```
234156@mypod-0:/> /usr/bin…
```
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/29
-
Broken out from #87.
## Currently
There is no quick-to-digest summary of vulnerable dependencies.
I think an at-a-glance summary is very helpful.
Maybe you do too?
## What do others do?
I lo…
lread updated
2 weeks ago
-
Tracking issue for:
- [ ] https://github.com/jd-apprentice/easy-static/security/code-scanning/1
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
The current rules in the exported Sarif file do not include the security-severity property. As per the docs below, this is recommended for security rules.
https://docs.github.com/en/code-security/…