-
Hi, I have my Trivy action code set up as follows:
```
trivy:
  permissions:
    contents: read # for actions/checkout to fetch code
    security-events: write # for github/codeql-action/uplo…
```
-
Case #1: I ran the action in my workflows as below:
```
# Scan code with Checkmarx
- name: Checkmarx CxFlow Action
  uses: checkmarx-ts/checkmarx-cxflow-github-action@master
  with:
    …
```
-
### What happened?
It appears that, although 1.24.x moved to Go 1.18, the "go-runner" in the kube-proxy Docker image is built using Go 1.17.3. This is being detected by vulnerability scanners, therefore…
-
How can I install Trivy after the installation of Harbor?
-
### Context
Tools like Wappalyzer use heuristics to determine which technologies are used on a given page. Some of them can be a bit brittle. For example Svelte is [detected](https://github.com/wap…
-
### Description
dockerd has several vulnerabilities. Can you fix them please?
https://hub.docker.com/layers/library/docker/25.0.1-dind/images/sha256-47d0ff54a405396b7ee5e882e33ee42d6457936b3393f2e…
-
#### What would you like to be added:
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
upgrade to 0.46.0
#### Why is this needed:
https://avd.aquasec.com/nvd/2023/cv…
-
Hello!
As part of our ongoing to ensure the security of our products, one or more vulnerabilities requiring remediation have been identified.
The following vulnerabilities were scanned and found b…
-
/debug/pprof endpoints are exposed by default automatically by the net/http/pprof import, which is reported as a High security vulnerability by several different vulnerability scanners.
Although we do un…
-
`commons-compress` and `jetty-http` components have CVEs reported.
Could it be possible to upgrade them?
### Steps to reproduce
```
$ trivy image --vuln-type library neo4j:5.12.0
2023-09-22T…