-
CodeQL: https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-upd…
-
Title: Snyk: snowflake-jdbc io.netty:netty-common 4.1.111.Final
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/52b28ebb-529b-4938-…
-
Tracking issue for:
- [ ] https://github.com/moby/buildkit/security/code-scanning/5
- [ ] https://github.com/moby/buildkit/security/code-scanning/20
- [ ] https://github.com/moby/buildkit/secur…
-
OSV currently includes Alpine's fixed vulnerabilities (from [Alpine secdb](https://secdb.alpinelinux.org/)) in its CVE records, but it's missing information about unfixed vulnerabilities from [Alpine'…
-
### Describe your question
The following CVEs are being detected by Microsoft Defender for Cloud in the current version of v3.243.1 that I am using in the ADO agents. Is there any update on fixing th…
-
#### What happened:
CVE in `registry.k8s.io/build-image/distroless-iptables:v0.6.2` image
```bash
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/…
```
-
### Describe what should be investigated or refactored
We should add continuous scanning of image dependencies in UDS Software Factory package repositories to check for both CVEs and license changes.…
-
Hello Rundeck Team,
We have detected the vulnerability CVE-2023-44487 in the current version of Rundeck (v5.4.0) that we are using. This vulnerability has been flagged by our security scanning tool…
-
## Summary
Checking the result of the Trivy scan, there is a CRITICAL CVE and a dependency should be updated.
## Steps to reproduce
When running a trivy scan on latest concourse image, it reporte…
-
Having images that are scanned for vulnerabilities provides more confidence for users wanting to run or adopt our demo images.
One approach I've used in the past is to post to quay.io (in addition t…