-
**Describe the bug**
The combination of the Quarantine preview feature and Qualys (Azure Defender CVE Scanning) does not work as expected.
**To Reproduce**
Steps to reproduce the behavior:
1. Ena…
-
### Problem Statement
When running a trivy security scan, we noticed that in our Kubernetes cluster our bitnami/kubectl v1.28.5 has quite a few critical vulnerability findings.
```shell
$ trivy image bit…
```
-
### Description
It seems that sometimes when cve-bin-tool detects the location/filepath of a dependency, it provides the path where that dependency is locally installed in the environment rather th…
-
Microsoft Defender for Cloud on Azure has detected a vulnerability, CVE-2022-44729, in apache-jmeter-5.6.3. Please find the report below.
`Critical and High severity vulnerabilities detected in your CN…
-
Would it be possible to bump path-to-regexp to a more recent version that contains the fixes for CVE-2024-45296? The current dependency on 2.4.0 is causing our application to be flagged by our custome…
-
### Description
Hi there folks, hope all is well on your side! We've been using this project for a while and thank the team for the great work!
However, like already mentioned in past issues, we…
-
CVE-2020-14040 (Severity=High) and CVE-2021-38561 (Severity=Unknown) are found when scanning https://github.com/googleinterns/cloud-operations-api-mock/releases/download/v2-alpha/mock_server-x64-linux…
mipnw updated
2 years ago
-
Hello, I have an alert from scanning about the dependency postcss.
component-compiler-utils uses "postcss": "^7.0.36", but
"id":"CVE-2023-44270","package":"postcss","version":"7.0.39","fix_version":"8.4.3…
-
I think there are 3 things I can add to the CI pipeline to improve it.
1. **Cache**: We could cache the go pkg and docker layers. It will improve the speed of the pipelines. Also not hit the DockerHu…
-
Hi there!
We have noticed that some CVEs affecting Spring libraries are not reported by Dependabot. This is caused by the fact that some CVEs are taking a long time to be included in the National V…