codesenberg / bombardier

Fast cross-platform HTTP benchmarking tool written in Go
MIT License
5.91k stars 313 forks

can't pass trivy scan #107

Open ozbillwang opened 8 months ago

ozbillwang commented 8 months ago

What version of bombardier are you using?

Current latest release, v1.2.6, but I can't use the command bombardier --version to show its version

in case you've built bombardier yourself or version obtained by

$ bombardier --version

bombardier version unspecified linux/arm64

in case you are using binaries.

What operating system and processor architecture are you using (if relevant)?

What did you do?

Describe steps that can be used to reproduce the error.

Create an image alpine/bombardier and use trivy to scan it; there is one high reported.

https://app.circleci.com/pipelines/github/alpine-docker/bombardier/2/workflows/96d743fc-d69b-4dde-9ad6-3e4a4a02f222/jobs/3

What you expected to happen?

Should be fixed: upgrade library golang.org/x/net to fixed version 0.17.0

What actually happened?

ozbillwang commented 8 months ago

OK, it seems the issue has been fixed by the latest code,

https://github.com/codesenberg/bombardier/blob/master/go.mod#L24

    golang.org/x/net v0.17.0 // indirect

but not in the latest release v1.2.6

https://github.com/codesenberg/bombardier/blob/v1.2.6/go.mod#L12

    golang.org/x/net v0.9.0

So when can we have the latest code with a new release tag?
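The check made by hand in the comment above, comparing the golang.org/x/net pin in the release tag's go.mod against the one on master, written as an added example (not code from the issue or from bombardier). The go.mod contents are constructed around the two quoted lines, and the names `pinnedVersion` and `belowFixed` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod excerpts built around the two lines quoted in the issue.
const releaseGoMod = "module example.test/app\n\ngo 1.20\n\nrequire (\n\texample.test/other v1.0.0\n\tgolang.org/x/net v0.9.0\n)\n"
const masterGoMod = "module example.test/app\n\ngo 1.20\n\nrequire (\n\tgolang.org/x/net v0.17.0 // indirect\n)\n"

// pinnedVersion returns the version a require line pins for module ("" if absent).
// Assumption: replace directives are not taken into account.
func pinnedVersion(goMod, module string) string {
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && f[0] == module {
			return f[1]
		}
	}
	return ""
}

// belowFixed compares major.minor.patch numerically; a plain string compare
// would rank "v0.9.0" above "v0.17.0". Pre-release suffixes are ignored.
func belowFixed(pinned, fixed string) (bool, error) {
	var p, f [3]int
	if _, err := fmt.Sscanf(pinned, "v%d.%d.%d", &p[0], &p[1], &p[2]); err != nil {
		return false, fmt.Errorf("pinned version %q: %w", pinned, err)
	}
	if _, err := fmt.Sscanf(fixed, "v%d.%d.%d", &f[0], &f[1], &f[2]); err != nil {
		return false, fmt.Errorf("fixed version %q: %w", fixed, err)
	}
	for j := range p {
		if p[j] != f[j] {
			return p[j] < f[j], nil
		}
	}
	return false, nil
}

func main() {
	for _, m := range [][2]string{{"v1.2.6", releaseGoMod}, {"master", masterGoMod}} {
		pinned := pinnedVersion(m[1], "golang.org/x/net")
		stale, err := belowFixed(pinned, "v0.17.0")
		fmt.Println(m[0], pinned, "below fixed version:", stale, err)
	}
}
```

A binary built from the tagged release carries the older pin even after master is updated, which is why the scan of the image still reports the finding.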