containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0
7.64k stars 565 forks

Set up VEX to eliminate false-positives from vulnerability scanning tool results #1576

Open AkihiroSuda opened 1 year ago

AkihiroSuda commented 1 year ago

e.g., https://github.com/CycloneDX/bom-examples/tree/master/VEX/Use-Cases/Case-4

For false positives like:

its-sachink commented 1 year ago

Thanks for the explanation.

Regards, Sachin. K.

dims commented 8 months ago

xref: https://github.com/kubernetes/kubernetes/issues/121454

ritazh commented 1 week ago

xref: https://github.com/kubernetes/sig-security/issues/116