Changing deprecated Dockerfile MAINTAINER field to LABEL MAINTAINER
Before Dependency Updates
Run December 18, 2022 at 8:03pm EST time
$ trivy image fullstorydev/grpcurl:latest
2022-12-18T20:03:33.335-0500 INFO Vulnerability scanning is enabled
2022-12-18T20:03:33.335-0500 INFO Secret scanning is enabled
2022-12-18T20:03:33.335-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-18T20:03:33.335-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2022-12-18T20:03:33.734-0500 INFO Number of language-specific files: 1
2022-12-18T20:03:33.734-0500 INFO Detecting gobinary vulnerabilities...
bin/grpcurl (gobinary)
Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 4, CRITICAL: 0)
┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │
│ ├────────────────┤ │ ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-44716 │ │ │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization │
│ │ │ │ │ │ cache │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-44716 │
│ ├────────────────┤ │ ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ golang: net/http: handle server errors after sending GOAWAY │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │
│ ├────────────────┼──────────┤ ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-31525 │ MEDIUM │ │ 0.0.0-20210428140749-89ef3d95e781 │ golang: net/http: panic in ReadRequest and ReadResponse when │
│ │ │ │ │ │ reading a very large... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-31525 │
│ ├────────────────┤ │ ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2022-41717 │ │ │ 0.4.0 │ An attacker can cause excessive memory growth in a Go server │
│ │ │ │ │ │ accepting... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41717 │
├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/sys │ CVE-2022-29526 │ │ v0.0.0-20210119212857-b64e53b001e4 │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29526 │
├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2022-32149 │ HIGH │ v0.3.7 │ 0.3.8 │ golang: golang.org/x/text/language: ParseAcceptLanguage │
│ │ │ │ │ │ takes a long time to parse complex tags │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │
└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴──────────────────────────────────────────────────────────────┘
After Dependency Updates
Run December 18, 2022 at 8:21pm EST time against the changes in this pull request.
$ trivy image fullstorydev/grpcurl:0165806
2022-12-18T20:21:49.210-0500 INFO Vulnerability scanning is enabled
2022-12-18T20:21:49.210-0500 INFO Secret scanning is enabled
2022-12-18T20:21:49.210-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-18T20:21:49.210-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2022-12-18T20:21:49.520-0500 INFO Number of language-specific files: 1
2022-12-18T20:21:49.520-0500 INFO Detecting gobinary vulnerabilities...