-
**What happened**:
When scanning several images, Grype reported cups client-library packages ('cups-libs' / 'libcups2') being impacted by CVE-2024-47175. However, the client library packages are not i…
-
**What happened**:
Hello!
I've scanned an image using grype 0.84.0, and received the below CVE.
The problem is that my package is version 17.0.2, and in the fixed versions some of the versions doe…
-
Broken out from #87.
## Currently
There is no quick-to-digest summary of vulnerable dependencies.
I think an at-a-glance summary is very helpful.
Maybe you do too?
## What do others do?
I lo…
lread updated
2 months ago
-
Finding returns the following:
```
trivyfs-docker...........................................................Failed
- hook id: trivyfs-docker
- exit code: 1
- files were modified by this hook
…
```
-
### Why it needs to get done
We have several image scanning CI runs with some overlap:
1. some rocks repos do daily scanning (ex: [seldonio-rocks](https://github.com/canonical/seldonio-rocks/blob/78…
-
Our org is using the Jammy base builder and base runner with the latest version in my CI tool to perform builds and got the below Critical/High security vulnerabilities identified by the scanning tool…
-
Our scanning jobs have identified a new CVE "[CVE-2024-24791](https://www.cve.org/CVERecord?id=CVE-2024-24791)" in the sops binary v3.9.0. This is an issue with the Go standard library net/http.
Is…
-
### Is your feature request related to a problem?
We are using the updatecli image. CVEs are discovered often from debian slim.
We are keeping it up to date, it is annoying.
In my understanding, …
-
**The CVE ID**
Two CVEs originating from GHSAs are affected by the same underlying issue:
- [CVE-2024-38356][CVE-2024-38356] / [GHSA-9hcv-j9pv-qmph][GHSA-9hcv-j9pv-qmph]
- [CVE-2024-38357][CVE-…
-
Hello.
In the DependencyCheck I'm getting alerts for CVE-2007-1651 and CVE-2007-1652 vulnerabilities referred to **Microsoft.IdentityModel.Protocols.OpenIdConnect** package (performing dll scanning…