-
Hi, thank you for developing SCAPinoculars, this is very useful!
I would like to suggest an additional type of report for vulnerabilities (oval), in addition to compliance (xccdf) reports.
http…
-
In the values file it says this:
```
# Comma-separated list of what security issues to detect. Possible values are `vuln`, `config` and `secret`. Defaults to `vuln`.
securityCheck: "vuln"
```
I…
-
# Container Image Vulnerability Report
The container vulnerability scanning GitHub action has found 169 vulnerabilities of High and Critical severity with fixes available for the `cassandra` conta…
-
### Current Behavior
I collected the sbom of all rpm packages in the CentOS system through the syft (https://github.com/anchore/syft) tool, the format of the sbom file is cyclonedx-json, then I upload…
-
As a CSP, I want to continuously scan my running infrastructure so that I discover security issues in a timely manner.
The implementation is based on a pipeline of security tools that are executed…
-
We should look into the vulnerability scanning and our options compared to just dependabot.
@mykaul suggested to have a look at https://github.com/aquasecurity/trivy for example
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
### Current Behavior:
In order to scan components for vulnerabilities, users have to create a project first. Projects are great for continuously scanning components, but they're too heavyweight for …
-
### Description
A suggestion is to use [trivy](https://github.com/aquasecurity/trivy) it's free and works pretty well.
Running it locally like so: `trivy fs --severity HIGH,CRITICAL --exit-code …
-
grype is reporting the installed consul version as v0.0.0, regardless of the actual version installed
Tested with a docker image which has consul v1.17.3 installed:
```
234156@mypod-0:/> /usr/bin…