search

cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes
https://cert-manager.io
Apache License 2.0
11.6k stars 2.02k forks source link

Report the use of components with vulnerabilities in cert-manager #6993

Closed HouqiyuA closed 3 weeks ago

HouqiyuA commented 3 weeks ago

Dear Team Members: Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.

Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.

Qiyu Hou

cert-manager-master_report.json

hawksight commented 3 weeks ago

Hello @HouqiyuA thank you for raising the issue.

Looking at the documentation we have a separate security issue reporting procedure. This links to the process here: https://github.com/cert-manager/community/blob/main/SECURITY.md

Please could you submit the details that way?

HouqiyuA commented 3 weeks ago

Ok! I will submit the details that way soon, thank you~!

Peter Fiddes @.***> 于2024年5月8日周三 23:35写道:

Hello @HouqiyuA https://github.com/HouqiyuA thank you for raising the issue.

Looking at the documentation we have a separate security issue reporting procedure https://cert-manager.io/docs/contributing/security/. This links to the process here: https://github.com/cert-manager/community/blob/main/SECURITY.md

Please could you submit the details that way?

— Reply to this email directly, view it on GitHub https://github.com/cert-manager/cert-manager/issues/6993#issuecomment-2100859729, or unsubscribe https://github.com/notifications/unsubscribe-auth/BBBY3LXRCMGVNCF6HWPRDWLZBJA5LAVCNFSM6AAAAABHMQOY72VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBQHA2TSNZSHE . You are receiving this because you were mentioned.Message ID: @.***>

hawksight commented 3 weeks ago

Thanks @HouqiyuA, can't close these but will ask a maintainer to :)