Open ikheifets-splunk opened 1 week ago
@dklimpel this is a good opportunity to test the new trivy pipeline. Is it possible to reproduce this finding in the goss CI?
You should be able to run the workflow manually: https://github.com/goss-org/goss/actions/workflows/docker-goss.yaml
But it probably won't find anything because the workflow creates a new build and the affected dependency seems to be indirect.
Describe the bug Critical CVE on goss
How To Reproduce Use trivy to detect CVE, in our case it's has been detected on CI
Expected Behavior Haven't CVE
Actual Behavior CVE
Environment: