clusterpedia-io / clusterpedia

The Encyclopedia of Kubernetes clusters
https://clusterpedia.io
Apache License 2.0
801 stars 121 forks source link

Report the use of components with vulnerabilities in clusterpedia #662

Open HouqiyuA opened 6 months ago

HouqiyuA commented 6 months ago

What would you like to be added?

Dear Team Members: Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.

Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.

Qiyu Hou

clusterpedia-main_report.json

Why is this needed?

Some vulnerable components are being used by this project, which present some security risks and need to be fixed.

clusterpedia-bot commented 6 months ago

Hi @HouqiyuA, Thanks for opening an issue! We will look into it as soon as possible.

Details Instructions for interacting with me using comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the [gh-ci-bot](https://github.com/clusterpedia-io/gh-ci-bot) repository.
Iceber commented 6 months ago

Thank you very much for the report, I will analyze it