-
### What happened?
This is CVE-2024-8986, it's being flagged by our security scanning tools, and has been for a long while now. When is this dependency due to be updated and a version containing the …
-
I know that `DotNetZip` is not a direct dependency, but you will need to add it if you have ZLib compressed messages.
`DotNetZip` is currently marked as abandoned and having a high severity securit…
-
Team,
kube-rbac-proxy image is vulnerable to `CVE-2024-34156`. In the kube-rbac-proxy workflow, the image built is using [1.23](https://github.com/brancz/kube-rbac-proxy/blob/v0.18.1/.github/workflows/bui…
-
We currently support multiple sources of vulnerability intelligence, among them the NVD, OSS Index, GHSA and VulnDB. In some cases, we perform the actual vulnerability scanning (e.g. NVD, GHSA), in ot…
-
While working with Kafdrop, a few High and Critical vulnerabilities were found. Is it possible to get these vulnerabilities addressed?
**What vulnerabilities were found:**
- {"service_name": "kaf…
-
The use of embedded-consul 2.0.0 causes third-party threat analyzers (such as dependency-track) to generate threat alerts due to CVE threats in dependencies and transitive dependencies. slf4j-api and…
-
It seems to me that the action is limited to only the scanners `os` and `library`?
Passing other valid types such as `license` is not possible.
Not sure if this is because you want to ensure tha…
-
Hi,
It would be great if Cervantes could import and parse data (= reports) from the most common vulnerability scanners like Nessus, GreenBone, etc.
Thank you and keep on with this very promising too…
-
Hello,
We're facing issues with the [Using Trivy to scan your Git repo](https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#using-trivy-to-scan-your-git-repo) setup, the action is worki…
-
**Is your feature request related to a problem? Please describe.**
As main target for Vulnerable App is scanners so we need to find out false positives by Scanners such that they can improve on their…