goss-org / goss

Quick and Easy server testing/validation
https://goss.rocks
Apache License 2.0

CVEs on goss #973

Closed mstopa-splunk closed 2 weeks ago

mstopa-splunk commented 1 month ago

Describe the bug: 1 High, 2 Medium CVEs on goss

How To Reproduce: Use trivy to detect CVE

Expected Behavior: Clear CVE report

Actual Behavior: Reported CVEs

Environment: goss v0.4.8, alpine 3.20.3

ikheifets-splunk commented 1 month ago

@dklimpel @aelsabbahy we are ready to help add CVE detection on CI. As I remember, @dklimpel already started that, please let me know if I can help with that :) If it's needed, we are ready to help with a PR

mstopa-splunk commented 3 weeks ago

Hi @dklimpel @aelsabbahy, did you have some time to look at this?

aelsabbahy commented 2 weeks ago

Please let me know if the newest version resolves the issue for you.

ikheifets-splunk commented 1 week ago

> Please let me know if the newest version resolves the issue for you.

@aelsabbahy unfortunately we replaced goss with another solution, because we have a strict SLA on fixing critical CVEs. Anyway, thank you for fixing.

aelsabbahy commented 1 week ago

Curious which solution you ended up going with.

I'll let you know once we have nightly CVE checks in case that changes anything in the future.

Many thanks for filing these and bringing this aspect to my attention as an enhancement to the release process.

ikheifets-splunk commented 1 week ago

> Many thanks for filing these and bringing this aspect to my attention as an enhancement to the release process.

Thank you too, I'm super glad that we have such good communication :)

> Curious which solution you ended up going with.

Instead of using generic tools for health checking, we found one optimised for our use case: the health check for syslog servers by syslog-ng