k3s-io / k3s

Lightweight Kubernetes
https://k3s.io
Apache License 2.0

[Release-1.27] - Support scanning k3s images with grype #8619

Open brandond opened 11 months ago

brandond commented 11 months ago

Backport of the fix for "Support scanning k3s images with grype" to Release-1.27.

VestigeJ commented 8 months ago

$ k3s -v

k3s version v1.27.10-rc2+k3s1 (ce6158f8)
go version go1.20.13

$ grype /usr/local/bin/k3s --add-cpes-if-none

 ✔ Vulnerability DB                [no update available]
 ✔ Indexed file system             /usr/local/bin
 ✔ Cataloged contents              9419923b825a8ad1631526c09d09137c230e42336ec8610ec2830c100feb55be
   └── ✔ Packages                        [32 packages]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found

$ grype -vvv /usr/local/bin/k3s -o json

[0000]  INFO grype version: 0.74.1
[0000] DEBUG config:
  log:
      quiet: false
      level: trace
      file: ""
  dev:
      profile: none
  output:
      - json
  file: ""
  distro: ""
  add-cpes-if-none: false
  output-template-file: ""
  check-for-app-update: true
  only-fixed: false
  only-notfixed: false
  ignore-states: ""
  platform: ""
  search:
      scope: squashed
      unindexed-archives: false
      indexed-archives: true
  ignore: []
  exclude: []
  db:
      cache-dir: /home/ec2-user/.cache/grype/db
      update-url: https://toolbox-data.anchore.io/grype/databases/listing.json
      ca-cert: ""
      auto-update: true
      validate-by-hash-on-start: false
      validate-age: true
      max-allowed-built-age: 120h0m0s
  external-sources:
      enable: false
      maven:
          search-upstream: true
          base-url: https://search.maven.org/solrsearch/select
  match:
      java:
          using-cpes: false
      dotnet:
          using-cpes: false
      golang:
          using-cpes: false
          always-use-cpe-for-stdlib: true
      javascript:
          using-cpes: false
      python:
          using-cpes: false
      ruby:
          using-cpes: false
      rust:
          using-cpes: false
      stock:
          using-cpes: true
  fail-on-severity: ""
  registry:
      insecure-skip-tls-verify: false
      insecure-use-http: false
      auth: []
      ca-cert: ""
  show-suppressed: false
  by-cve: false
  name: ""
  default-image-pull-source: ""
  vex-documents: []
  vex-add: []
[0000] DEBUG gathering packages
[0000] DEBUG loading DB
[0000] DEBUG looking for updates on vulnerability database
[0000] DEBUG checking for available database updates
[0000] DEBUG found database update candidate: Listing(url=https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2024-01-19T01:27:49Z_f87f267de31b0a1fde9d.tar.gz)
[0000] DEBUG existing database is already up to date
[0000] DEBUG no database update available
[0000] DEBUG no new grype update available
[0000] TRACE unable to open mod cache directory: /home/ec2-user/go/pkg/mod, skipping mod cache resolver
[0000] TRACE unable to open mod cache directory: /home/ec2-user/go/pkg/mod, skipping mod cache resolver
[0000] TRACE indexing filetree path=/usr/local/bin
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE starting package cataloger name=alpm-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/lib/pacman/local/**/desc
[0000] TRACE searching filetree by glob glob=**/var/lib/pacman/local/**/desc
[0000] DEBUG discovered 0 packages cataloger=alpm-db-cataloger
[0000] TRACE package cataloger completed name=alpm-db-cataloger
[0000] TRACE starting package cataloger name=apk-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/lib/apk/db/installed
[0000] TRACE searching filetree by glob glob=**/lib/apk/db/installed
[0000] DEBUG discovered 0 packages cataloger=apk-db-cataloger
[0000] TRACE package cataloger completed name=apk-db-cataloger
[0000] TRACE starting package cataloger name=dpkg-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/lib/dpkg/status
[0000] TRACE searching filetree by glob glob=**/var/lib/dpkg/status
[0000] TRACE searching for paths matching glob glob=**/var/lib/dpkg/status.d/*
[0000] TRACE searching filetree by glob glob=**/var/lib/dpkg/status.d/*
[0000] TRACE searching for paths matching glob glob=**/lib/opkg/info/*.control
[0000] TRACE searching filetree by glob glob=**/lib/opkg/info/*.control
[0000] TRACE searching for paths matching glob glob=**/lib/opkg/status
[0000] TRACE searching filetree by glob glob=**/lib/opkg/status
[0000] DEBUG discovered 0 packages cataloger=dpkg-db-cataloger
[0000] TRACE package cataloger completed name=dpkg-db-cataloger
[0000] TRACE starting package cataloger name=portage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/db/pkg/*/*/CONTENTS
[0000] TRACE searching filetree by glob glob=**/var/db/pkg/*/*/CONTENTS
[0000] DEBUG discovered 0 packages cataloger=portage-cataloger
[0000] TRACE package cataloger completed name=portage-cataloger
[0000] TRACE starting package cataloger name=rpm-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}
[0000] TRACE searching filetree by glob glob=**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}
[0000] TRACE searching for paths matching glob glob=**/var/lib/rpmmanifest/container-manifest-2
[0000] TRACE searching filetree by glob glob=**/var/lib/rpmmanifest/container-manifest-2
[0000] DEBUG discovered 0 packages cataloger=rpm-db-cataloger
[0000] TRACE package cataloger completed name=rpm-db-cataloger
[0000] TRACE starting package cataloger name=rpm-archive-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.rpm
[0000] TRACE searching filetree by glob glob=**/*.rpm
[0000] DEBUG discovered 0 packages cataloger=rpm-archive-cataloger
[0000] TRACE package cataloger completed name=rpm-archive-cataloger
[0000] TRACE starting package cataloger name=conan-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/conanfile.txt
[0000] TRACE searching filetree by glob glob=**/conanfile.txt
[0000] TRACE searching for paths matching glob glob=**/conan.lock
[0000] TRACE searching filetree by glob glob=**/conan.lock
[0000] DEBUG discovered 0 packages cataloger=conan-cataloger
[0000] TRACE package cataloger completed name=conan-cataloger
[0000] TRACE starting package cataloger name=dart-pubspec-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/pubspec.lock
[0000] TRACE searching filetree by glob glob=**/pubspec.lock
[0000] DEBUG discovered 0 packages cataloger=dart-pubspec-lock-cataloger
[0000] TRACE package cataloger completed name=dart-pubspec-lock-cataloger
[0000] TRACE starting package cataloger name=dotnet-deps-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.deps.json
[0000] TRACE searching filetree by glob glob=**/*.deps.json
[0000] DEBUG discovered 0 packages cataloger=dotnet-deps-cataloger
[0000] TRACE package cataloger completed name=dotnet-deps-cataloger
[0000] TRACE starting package cataloger name=elixir-mix-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/mix.lock
[0000] TRACE searching filetree by glob glob=**/mix.lock
[0000] DEBUG discovered 0 packages cataloger=elixir-mix-lock-cataloger
[0000] TRACE package cataloger completed name=elixir-mix-lock-cataloger
[0000] TRACE starting package cataloger name=erlang-rebar-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/rebar.lock
[0000] TRACE searching filetree by glob glob=**/rebar.lock
[0000] DEBUG discovered 0 packages cataloger=erlang-rebar-lock-cataloger
[0000] TRACE package cataloger completed name=erlang-rebar-lock-cataloger
[0000] TRACE starting package cataloger name=haskell-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/stack.yaml
[0000] TRACE searching filetree by glob glob=**/stack.yaml
[0000] TRACE searching for paths matching glob glob=**/stack.yaml.lock
[0000] TRACE searching filetree by glob glob=**/stack.yaml.lock
[0000] TRACE searching for paths matching glob glob=**/cabal.project.freeze
[0000] TRACE searching filetree by glob glob=**/cabal.project.freeze
[0000] DEBUG discovered 0 packages cataloger=haskell-cataloger
[0000] TRACE package cataloger completed name=haskell-cataloger
[0000] TRACE starting package cataloger name=go-module-file-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/go.mod
[0000] TRACE searching filetree by glob glob=**/go.mod
[0000] DEBUG discovered 0 packages cataloger=go-module-file-cataloger
[0000] TRACE package cataloger completed name=go-module-file-cataloger
[0000] TRACE starting package cataloger name=java-gradle-lockfile-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/gradle.lockfile*
[0000] TRACE searching filetree by glob glob=**/gradle.lockfile*
[0000] DEBUG discovered 0 packages cataloger=java-gradle-lockfile-cataloger
[0000] TRACE package cataloger completed name=java-gradle-lockfile-cataloger
[0000] TRACE starting package cataloger name=java-pom-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/pom.xml
[0000] TRACE searching filetree by glob glob=**/pom.xml
[0000] DEBUG discovered 0 packages cataloger=java-pom-cataloger
[0000] TRACE package cataloger completed name=java-pom-cataloger
[0000] TRACE starting package cataloger name=javascript-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/package-lock.json
[0000] TRACE searching filetree by glob glob=**/package-lock.json
[0000] TRACE searching for paths matching glob glob=**/yarn.lock
[0000] TRACE searching filetree by glob glob=**/yarn.lock
[0000] TRACE searching for paths matching glob glob=**/pnpm-lock.yaml
[0000] TRACE searching filetree by glob glob=**/pnpm-lock.yaml
[0000] DEBUG discovered 0 packages cataloger=javascript-lock-cataloger
[0000] TRACE package cataloger completed name=javascript-lock-cataloger
[0000] TRACE starting package cataloger name=php-composer-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/composer.lock
[0000] TRACE searching filetree by glob glob=**/composer.lock
[0000] DEBUG discovered 0 packages cataloger=php-composer-lock-cataloger
[0000] TRACE package cataloger completed name=php-composer-lock-cataloger
[0000] TRACE starting package cataloger name=python-package-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*requirements*.txt
[0000] TRACE searching filetree by glob glob=**/*requirements*.txt
[0000] TRACE searching for paths matching glob glob=**/poetry.lock
[0000] TRACE searching filetree by glob glob=**/poetry.lock
[0000] TRACE searching for paths matching glob glob=**/Pipfile.lock
[0000] TRACE searching filetree by glob glob=**/Pipfile.lock
[0000] TRACE searching for paths matching glob glob=**/setup.py
[0000] TRACE searching filetree by glob glob=**/setup.py
[0000] DEBUG discovered 0 packages cataloger=python-package-cataloger
[0000] TRACE package cataloger completed name=python-package-cataloger
[0000] TRACE starting package cataloger name=ruby-gemfile-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Gemfile.lock
[0000] TRACE searching filetree by glob glob=**/Gemfile.lock
[0000] DEBUG discovered 0 packages cataloger=ruby-gemfile-cataloger
[0000] TRACE package cataloger completed name=ruby-gemfile-cataloger
[0000] TRACE starting package cataloger name=ruby-gemspec-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.gemspec
[0000] TRACE searching filetree by glob glob=**/*.gemspec
[0000] DEBUG discovered 0 packages cataloger=ruby-gemspec-cataloger
[0000] TRACE package cataloger completed name=ruby-gemspec-cataloger
[0000] TRACE starting package cataloger name=rust-cargo-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Cargo.lock
[0000] TRACE searching filetree by glob glob=**/Cargo.lock
[0000] DEBUG discovered 0 packages cataloger=rust-cargo-lock-cataloger
[0000] TRACE package cataloger completed name=rust-cargo-lock-cataloger
[0000] TRACE starting package cataloger name=cocoapods-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Podfile.lock
[0000] TRACE searching filetree by glob glob=**/Podfile.lock
[0000] DEBUG discovered 0 packages cataloger=cocoapods-cataloger
[0000] TRACE package cataloger completed name=cocoapods-cataloger
[0000] TRACE starting package cataloger name=swift-package-manager-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Package.resolved
[0000] TRACE searching filetree by glob glob=**/Package.resolved
[0000] TRACE searching for paths matching glob glob=**/.package.resolved
[0000] TRACE searching filetree by glob glob=**/.package.resolved
[0000] DEBUG discovered 0 packages cataloger=swift-package-manager-cataloger
[0000] TRACE package cataloger completed name=swift-package-manager-cataloger
[0000] TRACE starting package cataloger name=dotnet-portable-executable-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.dll
[0000] TRACE searching filetree by glob glob=**/*.dll
[0000] TRACE searching for paths matching glob glob=**/*.exe
[0000] TRACE searching filetree by glob glob=**/*.exe
[0000] DEBUG discovered 0 packages cataloger=dotnet-portable-executable-cataloger
[0000] TRACE package cataloger completed name=dotnet-portable-executable-cataloger
[0000] TRACE starting package cataloger name=python-installed-package-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.egg-info
[0000] TRACE searching filetree by glob glob=**/*.egg-info
[0000] TRACE searching for paths matching glob glob=**/*dist-info/METADATA
[0000] TRACE searching filetree by glob glob=**/*dist-info/METADATA
[0000] TRACE searching for paths matching glob glob=**/*egg-info/PKG-INFO
[0000] TRACE searching filetree by glob glob=**/*egg-info/PKG-INFO
[0000] TRACE searching for paths matching glob glob=**/*DIST-INFO/METADATA
[0000] TRACE searching filetree by glob glob=**/*DIST-INFO/METADATA
[0000] TRACE searching for paths matching glob glob=**/*EGG-INFO/PKG-INFO
[0000] TRACE searching filetree by glob glob=**/*EGG-INFO/PKG-INFO
[0000] DEBUG discovered 0 packages cataloger=python-installed-package-cataloger
[0000] TRACE package cataloger completed name=python-installed-package-cataloger
[0000] TRACE starting package cataloger name=go-module-binary-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching mimetype mimetypes=[application/x-sharedlib application/vnd.microsoft.portable-executable application/x-executable application/x-mach-binary application/x-elf]
[0000] TRACE searching filetree by MIME types types=[application/x-sharedlib application/vnd.microsoft.portable-executable application/x-executable application/x-mach-binary application/x-elf]
[0000] TRACE parsing file contents path=/k3s
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/containerd/stargz-snapshotter/estargz@v0.14.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/go-logr/logr@v1.4.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/gogo/protobuf@v1.3.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/google/go-containerregistry@v0.14.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/google/gofuzz@v1.2.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/json-iterator/go@v1.1.12/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/klauspost/compress@v1.17.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/modern-go/reflect2@v1.0.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/opencontainers/go-digest@v1.0.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/opencontainers/image-spec@v1.1.0-rc5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/pierrec/lz4@v2.6.0+incompatible/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/pkg/errors@v0.9.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/rancher/wharfie@v0.5.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/rancher/wrangler@v1.1.1-0.20230807182002-35cb42e6a915/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/sirupsen/logrus@v1.9.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/spf13/pflag@v1.0.5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/urfave/cli@v1.22.14/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/vbatts/tar-split@v0.11.5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/net@v0.17.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/sync@v0.6.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/sys@v0.13.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/text@v0.14.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/gopkg.in/inf.v0@v0.9.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/gopkg.in/yaml.v2@v2.4.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/kubernetes/staging/src/k8s.io/apimachinery@v1.27.10-k3s1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/klog/v2@v2.90.1-k3s1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/k8s.io/utils@v0.0.0-20230406110748-d93618cff8a2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/sigs.k8s.io/structured-merge-diff/v4@v4.2.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/k3s@(devel)/*
[0000] DEBUG discovered 32 packages cataloger=go-module-binary-cataloger
[0000] TRACE package cataloger completed name=go-module-binary-cataloger
[0000] TRACE starting package cataloger name=java-archive-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.jar
[0000] TRACE searching filetree by glob glob=**/*.jar
[0000] TRACE searching for paths matching glob glob=**/*.war
[0000] TRACE searching filetree by glob glob=**/*.war
[0000] TRACE searching for paths matching glob glob=**/*.ear
[0000] TRACE searching filetree by glob glob=**/*.ear
[0000] TRACE searching for paths matching glob glob=**/*.par
[0000] TRACE searching filetree by glob glob=**/*.par
[0000] TRACE searching for paths matching glob glob=**/*.sar
[0000] TRACE searching filetree by glob glob=**/*.sar
[0000] TRACE searching for paths matching glob glob=**/*.nar
[0000] TRACE searching filetree by glob glob=**/*.nar
[0000] TRACE searching for paths matching glob glob=**/*.jpi
[0000] TRACE searching filetree by glob glob=**/*.jpi
[0000] TRACE searching for paths matching glob glob=**/*.hpi
[0000] TRACE searching filetree by glob glob=**/*.hpi
[0000] TRACE searching for paths matching glob glob=**/*.lpkg
[0000] TRACE searching filetree by glob glob=**/*.lpkg
[0000] TRACE searching for paths matching glob glob=**/*.zip
[0000] TRACE searching filetree by glob glob=**/*.zip
[0000] DEBUG discovered 0 packages cataloger=java-archive-cataloger
[0000] TRACE package cataloger completed name=java-archive-cataloger
[0000] TRACE starting package cataloger name=graalvm-native-image-cataloger
[0000] TRACE searching filetree by MIME types types=[application/x-executable application/x-mach-binary application/x-elf application/x-sharedlib application/vnd.microsoft.portable-executable]
[0000] TRACE unable to extract SBOM from possible java native-image /k3s: no symbols found in binary: no symbol section
[0000] TRACE not a MachO binary error=invalid magic number in record at byte 0x0 filename=/k3s
[0000] TRACE not a PE binary error=unrecognized PE machine: 0x457f filename=/k3s
[0000] DEBUG discovered 0 packages cataloger=graalvm-native-image-cataloger
[0000] TRACE package cataloger completed name=graalvm-native-image-cataloger
[0000] TRACE starting package cataloger name=nix-store-cataloger
[0000] DEBUG discovered 0 packages cataloger=nix-store-cataloger
[0000] TRACE package cataloger completed name=nix-store-cataloger
[0000] TRACE starting package cataloger name=binary-cataloger
[0000] TRACE cataloging binaries classifier=python-binary
[0000] TRACE searching filetree by glob glob=**/python*
[0000] TRACE cataloging binaries classifier=python-binary-lib
[0000] TRACE searching filetree by glob glob=**/libpython*.so*
[0000] TRACE cataloging binaries classifier=pypy-binary-lib
[0000] TRACE searching filetree by glob glob=**/libpypy*.so*
[0000] TRACE cataloging binaries classifier=go-binary
[0000] TRACE searching filetree by glob glob=**/go
[0000] TRACE cataloging binaries classifier=julia-binary
[0000] TRACE searching filetree by glob glob=**/libjulia-internal.so
[0000] TRACE cataloging binaries classifier=helm
[0000] TRACE searching filetree by glob glob=**/helm
[0000] TRACE cataloging binaries classifier=redis-binary
[0000] TRACE searching filetree by glob glob=**/redis-server
[0000] TRACE cataloging binaries classifier=java-binary-openjdk
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=java-binary-ibm
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=java-binary-oracle
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=nodejs-binary
[0000] TRACE searching filetree by glob glob=**/node
[0000] TRACE cataloging binaries classifier=go-binary-hint
[0000] TRACE searching filetree by glob glob=**/VERSION
[0000] TRACE cataloging binaries classifier=busybox-binary
[0000] TRACE searching filetree by glob glob=**/busybox
[0000] TRACE cataloging binaries classifier=haproxy-binary
[0000] TRACE searching filetree by glob glob=**/haproxy
[0000] TRACE cataloging binaries classifier=perl-binary
[0000] TRACE searching filetree by glob glob=**/perl
[0000] TRACE cataloging binaries classifier=php-cli-binary
[0000] TRACE searching filetree by glob glob=**/php*
[0000] TRACE cataloging binaries classifier=php-fpm-binary
[0000] TRACE searching filetree by glob glob=**/php-fpm*
[0000] TRACE cataloging binaries classifier=php-apache-binary
[0000] TRACE searching filetree by glob glob=**/libphp*.so
[0000] TRACE cataloging binaries classifier=php-composer-binary
[0000] TRACE searching filetree by glob glob=**/composer*
[0000] TRACE cataloging binaries classifier=httpd-binary
[0000] TRACE searching filetree by glob glob=**/httpd
[0000] TRACE cataloging binaries classifier=memcached-binary
[0000] TRACE searching filetree by glob glob=**/memcached
[0000] TRACE cataloging binaries classifier=traefik-binary
[0000] TRACE searching filetree by glob glob=**/traefik
[0000] TRACE cataloging binaries classifier=postgresql-binary
[0000] TRACE searching filetree by glob glob=**/postgres
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=xtrabackup-binary
[0000] TRACE searching filetree by glob glob=**/xtrabackup
[0000] TRACE cataloging binaries classifier=mariadb-binary
[0000] TRACE searching filetree by glob glob=**/mariadb
[0000] TRACE cataloging binaries classifier=rust-standard-library-linux
[0000] TRACE searching filetree by glob glob=**/libstd-????????????????.so
[0000] TRACE cataloging binaries classifier=rust-standard-library-macos
[0000] TRACE searching filetree by glob glob=**/libstd-????????????????.dylib
[0000] TRACE cataloging binaries classifier=ruby-binary
[0000] TRACE searching filetree by glob glob=**/ruby
[0000] TRACE cataloging binaries classifier=erlang-binary
[0000] TRACE searching filetree by glob glob=**/erlexec
[0000] TRACE cataloging binaries classifier=consul-binary
[0000] TRACE searching filetree by glob glob=**/consul
[0000] TRACE cataloging binaries classifier=nginx-binary
[0000] TRACE searching filetree by glob glob=**/nginx
[0000] TRACE cataloging binaries classifier=bash-binary
[0000] TRACE searching filetree by glob glob=**/bash
[0000] TRACE cataloging binaries classifier=openssl-binary
[0000] TRACE searching filetree by glob glob=**/openssl
[0000] TRACE cataloging binaries classifier=gcc-binary
[0000] TRACE searching filetree by glob glob=**/gcc
[0000] TRACE cataloging binaries classifier=wordpress-cli-binary
[0000] TRACE searching filetree by glob glob=**/wp
[0000] DEBUG discovered 0 packages cataloger=binary-cataloger
[0000] TRACE package cataloger completed name=binary-cataloger
[0000] TRACE starting package cataloger name=github-actions-usage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yml
[0000] TRACE searching for paths matching glob glob=**/.github/actions/*/action.yml
[0000] TRACE searching filetree by glob glob=**/.github/actions/*/action.yml
[0000] TRACE searching for paths matching glob glob=**/.github/actions/*/action.yaml
[0000] TRACE searching filetree by glob glob=**/.github/actions/*/action.yaml
[0000] DEBUG discovered 0 packages cataloger=github-actions-usage-cataloger
[0000] TRACE package cataloger completed name=github-actions-usage-cataloger
[0000] TRACE starting package cataloger name=github-action-workflow-usage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yml
[0000] DEBUG discovered 0 packages cataloger=github-action-workflow-usage-cataloger
[0000] TRACE package cataloger completed name=github-action-workflow-usage-cataloger
[0000] TRACE starting package cataloger name=sbom-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.syft.json
[0000] TRACE searching filetree by glob glob=**/*.syft.json
[0000] TRACE searching for paths matching glob glob=**/*.bom.*
[0000] TRACE searching filetree by glob glob=**/*.bom.*
[0000] TRACE searching for paths matching glob glob=**/*.bom
[0000] TRACE searching filetree by glob glob=**/*.bom
[0000] TRACE searching for paths matching glob glob=**/bom
[0000] TRACE searching filetree by glob glob=**/bom
[0000] TRACE searching for paths matching glob glob=**/*.sbom.*
[0000] TRACE searching filetree by glob glob=**/*.sbom.*
[0000] TRACE searching for paths matching glob glob=**/*.sbom
[0000] TRACE searching filetree by glob glob=**/*.sbom
[0000] TRACE searching for paths matching glob glob=**/sbom
[0000] TRACE searching filetree by glob glob=**/sbom
[0000] TRACE searching for paths matching glob glob=**/*.cdx.*
[0000] TRACE searching filetree by glob glob=**/*.cdx.*
[0000] TRACE searching for paths matching glob glob=**/*.cdx
[0000] TRACE searching filetree by glob glob=**/*.cdx
[0000] TRACE searching for paths matching glob glob=**/*.spdx.*
[0000] TRACE searching filetree by glob glob=**/*.spdx.*
[0000] TRACE searching for paths matching glob glob=**/*.spdx
[0000] TRACE searching filetree by glob glob=**/*.spdx
[0000] DEBUG discovered 0 packages cataloger=sbom-cataloger
[0000] TRACE package cataloger completed name=sbom-cataloger
[0000] DEBUG no CPEs for package: Pkg(name="gopkg.in/inf.v0" version="v0.9.1" type="go-module" id="c18955394e2e88b3")
[0000] DEBUG no CPEs for package: Pkg(name="gopkg.in/yaml.v2" version="v2.4.0" type="go-module" id="41aa3fc6e13b5446")
[0000] DEBUG no CPEs for package: Pkg(name="k8s.io/utils" version="v0.0.0-20230406110748-d93618cff8a2" type="go-module" id="2e1ddc648eaebf40")
[0000] DEBUG no CPEs for package: Pkg(name="sigs.k8s.io/json" version="v0.0.0-20221116044647-bc3834ca7abd" type="go-module" id="95a7f56d3f28299f")
[0000]  WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none
[0000] TRACE finding matches against DB
[0000] DEBUG adding matcher: deb
[0000] DEBUG adding matcher: gem
[0000] DEBUG adding matcher: python
[0000] DEBUG adding matcher: dotnet
[0000] DEBUG adding matcher: rpm
[0000] DEBUG adding matcher: java-archive
[0000] DEBUG adding matcher: jenkins-plugin
[0000] DEBUG adding matcher: npm
[0000] DEBUG adding matcher: apk
[0000] DEBUG adding matcher: go-module
[0000] DEBUG adding matcher: msrc-kb
[0000] DEBUG adding matcher: portage
[0000] DEBUG adding matcher: rust-crate
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/containerd/stargz-snapshotter/estargz@v0.14.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/go-logr/logr@v1.4.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/gogo/protobuf@v1.3.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/google/go-containerregistry@v0.14.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/google/gofuzz@v1.2.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/json-iterator/go@v1.1.12
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/k3s@v1.27.10-rc2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/klog/v2@v2.90.1-k3s1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/kubernetes/staging/src/k8s.io/apimachinery@v1.27.10-k3s1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/klauspost/compress@v1.17.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/modern-go/reflect2@v1.0.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/opencontainers/go-digest@v1.0.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/opencontainers/image-spec@v1.1.0-rc5
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/pierrec/lz4@v2.6.0+incompatible
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/pkg/errors@v0.9.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/rancher/wharfie@v0.5.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/rancher/wrangler@v1.1.1-0.20230807182002-35cb42e6a915
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/sirupsen/logrus@v1.9.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/spf13/pflag@v1.0.5
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/urfave/cli@v1.22.14
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/vbatts/tar-split@v0.11.5
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/net@v0.17.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/sync@v0.6.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/sys@v0.13.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/text@v0.14.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/gopkg.in/inf.v0@v0.9.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/gopkg.in/yaml.v2@v2.4.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/k8s.io/utils@v0.0.0-20230406110748-d93618cff8a2
[0000] TRACE searching for vulnerability matches package=pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd
[0000] TRACE searching for vulnerability matches package=pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.2.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/stdlib@1.20.13
[0000] TRACE finding matches against available VEX documents
[0000]  INFO found 0 vulnerability matches across 32 packages
[0000] DEBUG   ├── fixed: 0
[0000] DEBUG   ├── ignored: 0 (due to user-provided rule)
[0000] DEBUG   ├── dropped: 0 (due to hard-coded correction)
[0000] DEBUG   └── matched: 0
[0000] DEBUG       ├── unknown severity: 0
[0000] DEBUG       ├── negligible: 0
[0000] DEBUG       ├── low: 0
[0000] DEBUG       ├── medium: 0
[0000] DEBUG       ├── high: 0
[0000] DEBUG       └── critical: 0
[0000] TRACE worker stopped component=eventloop
[0000] TRACE signal exit component=eventloop
{
 "matches": [],
 "source": {
  "type": "file",
  "target": "/usr/local/bin/k3s"
 },
 "distro": {
  "name": "",
  "version": "",
  "idLike": null
 },
 "descriptor": {
  "name": "grype",
  "version": "0.74.1",
  "configuration": {
   "output": [
    "json"
   ],
   "file": "",
   "distro": "",
   "add-cpes-if-none": false,
   "output-template-file": "",
   "check-for-app-update": true,
   "only-fixed": false,
   "only-notfixed": false,
   "ignore-wontfix": "",
   "platform": "",
   "search": {
    "scope": "squashed",
    "unindexed-archives": false,
    "indexed-archives": true
   },
   "ignore": null,
   "exclude": [],
   "db": {
    "cache-dir": "/home/ec2-user/.cache/grype/db",
    "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json",
    "ca-cert": "",
    "auto-update": true,
    "validate-by-hash-on-start": false,
    "validate-age": true,
    "max-allowed-built-age": 432000000000000
   },
   "externalSources": {
    "enable": false,
    "maven": {
     "searchUpstreamBySha1": true,
     "baseUrl": "https://search.maven.org/solrsearch/select"
    }
   },
   "match": {
    "java": {
     "using-cpes": false
    },
    "dotnet": {
     "using-cpes": false
    },
    "golang": {
     "using-cpes": false,
     "always-use-cpe-for-stdlib": true
    },
    "javascript": {
     "using-cpes": false
    },
    "python": {
     "using-cpes": false
    },
    "ruby": {
     "using-cpes": false
    },
    "rust": {
     "using-cpes": false
    },
    "stock": {
     "using-cpes": true
    }
   },
   "fail-on-severity": "",
   "registry": {
    "insecure-skip-tls-verify": false,
    "insecure-use-http": false,
    "auth": null,
    "ca-cert": ""
   },
   "show-suppressed": false,
   "by-cve": false,
   "name": "",
   "default-image-pull-source": "",
   "vex-documents": [],
   "vex-add": []
  },
  "db": {
   "built": "2024-01-19T01:27:49Z",
   "schemaVersion": 5,
   "location": "/home/ec2-user/.cache/grype/db/5",
   "checksum": "sha256:0dabe98d1b63ae614672cf44a055b9480e900c459f66d5e688ef4c2e31626cd0",
   "error": null
  },
  "timestamp": "2024-01-19T19:45:04.363432293Z"
 }
}