cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

review Trivy report #380

Open mmguero opened 2 weeks ago

mmguero commented 2 weeks ago

@mmguero cloned issue idaholab/Malcolm#551 on 2024-08-27:

There are a number of new CVEs reported in the Trivy results, need to review and fix where possible for v24.09.0.

mmguero commented 2 weeks ago

@mmguero commented on 2024-09-11:

I went through and looked at these, almost none of them apply. In fact, most of them come from golang CVEs I don't think have any production impact on our images.

Going to punt for now, will revisit in a release or so. If there are truly applicable and worrisome CVEs that crop up we'll of course address them.