goss-org / goss

Quick and Easy server testing/validation
https://goss.rocks
Apache License 2.0

Critical CVE on goss #941

Open ikheifets-splunk opened 1 week ago

ikheifets-splunk commented 1 week ago

Describe the bug: Critical CVE on goss

[Screenshot 2024-06-25 at 10 19 11]

How To Reproduce: Use trivy to detect the CVE; in our case it has been detected on CI

Expected Behavior: No CVE

Actual Behavior: CVE

Environment:

aelsabbahy commented 5 days ago

@dklimpel this is a good opportunity to test the new trivy pipeline. Is it possible to reproduce this finding in the goss CI?

dklimpel commented 5 days ago

You should be able to run the workflow manually: https://github.com/goss-org/goss/actions/workflows/docker-goss.yaml

But it probably won't find anything because the workflow creates a new build and the affected dependency seems to be indirect.