chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

critical false positive: evasion/process/injection with buck, cadvisor, calico, chromium, cilium, clickhouse #128

Closed tstromberg closed 4 months ago

tstromberg commented 4 months ago

There are 7 Wolfi packages that trigger this rule:

## packages/x86_64/buck2-20240102/usr/bin/buck2
## packages/x86_64/cadvisor-0.49/usr/bin/cadvisor
## packages/x86_64/calico-felix-3.27/usr/bin/calico-bpf
## packages/x86_64/calico-felix-3.27/usr/bin/felix
## packages/x86_64/calico-node-3.27/bin/calico-node
## packages/x86_64/chromium-123.0/usr/lib/chromium/chrome
## packages/x86_64/cilium-1.14-1/usr/bin/cilium-agent
## packages/x86_64/cilium-1.15-1/usr/bin/cilium-agent
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-benchmark
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-client
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-compressor
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-copier
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-disks
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-format
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-git-import
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper-client
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper-converter
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-library-bridge
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-local
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-obfuscator
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-odbc-bridge
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-server
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-static-files-disk-uploader
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-su
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-benchmark
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-client
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-compressor
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-copier
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-disks
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-format
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-git-import
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper-client
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper-converter
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-library-bridge
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-local
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-obfuscator

Many of those seem reasonable; buck2 is the biggest surprise. At a minimum, we should set the priority to "HIGH", with maybe a "MEDIUM" if it matches clickhouse.