kubernetes-sigs / secrets-store-csi-driver

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
https://secrets-store-csi-driver.sigs.k8s.io/
Apache License 2.0

Trivy vulnerabilities #1568

Closed akutuev closed 3 months ago

akutuev commented 4 months ago

Hello,

Running trivy, I see there are few vulnerabilities in version 1.4.4:

image

Might I ask you to take a look please?

Thanks

dwickr commented 3 months ago

This likely will be fixed by https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1601

aramase commented 3 months ago

v1.4.5 released and doesn't contain any CVEs.

```bash
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/csi-secrets-store/driver:v1.4.5
2024-08-20T14:00:08.934-0700    INFO    Need to update DB
2024-08-20T14:00:08.934-0700    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2024-08-20T14:00:08.934-0700    INFO    Downloading DB...
51.71 MiB / 51.71 MiB [-------------------------------------------------------------------------------------------------------------------------------] 100.00% 23.19 MiB p/s 2.4s
2024-08-20T14:00:12.403-0700    INFO    Vulnerability scanning is enabled
2024-08-20T14:00:12.403-0700    INFO    Secret scanning is enabled
2024-08-20T14:00:12.403-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-20T14:00:12.403-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-08-20T14:00:15.428-0700    INFO    Detected OS: debian
2024-08-20T14:00:15.428-0700    INFO    Detecting Debian vulnerabilities...
2024-08-20T14:00:15.436-0700    INFO    Number of language-specific files: 1
2024-08-20T14:00:15.437-0700    INFO    Detecting gobinary vulnerabilities...

registry.k8s.io/csi-secrets-store/driver:v1.4.5 (debian 12.6)

Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

Closing this issue now. As per cadence, the next release will be next month.

/close
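The scan above gates on three flags: `--ignore-unfixed` drops findings with no fixed package version, `--severity MEDIUM,HIGH,CRITICAL` drops anything below MEDIUM, and `--exit-code 1` turns a non-empty result into a failing exit status. The following added example (not code from the secrets-store-csi-driver project or from anyone in this thread) applies the same policy to a Trivy JSON report (`trivy image -f json`) so the gate can be reasoned about, unit-tested, or adjusted in CI without re-running the scanner. The report embedded below is constructed for the example; its image name and vulnerability IDs are placeholders, not real identifiers.

```python
"""Apply a Trivy-style vulnerability gate to a Trivy JSON report.

Mirrors:  trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL <image>
Usage:    python gate.py report.json   (exit status 1 when findings survive the filter)
"""
import json
import sys
from collections import Counter

# Severity labels Trivy emits, lowest to highest.
SEVERITY_ORDER = ("UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL")
DEFAULT_SEVERITIES = ("MEDIUM", "HIGH", "CRITICAL")

# Constructed sample report in the shape Trivy's JSON output uses
# (Results -> Target/Class/Vulnerabilities). All IDs and names are placeholders.
SAMPLE_REPORT = {
    "ArtifactName": "registry.example.invalid/driver:vX.Y.Z",
    "Results": [
        {
            "Target": "registry.example.invalid/driver:vX.Y.Z (debian 12.6)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                # Fixed and HIGH: survives the default gate.
                {"VulnerabilityID": "CVE-0000-PLACEHOLDER-A", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
                # No fix available: dropped by --ignore-unfixed even though CRITICAL.
                {"VulnerabilityID": "CVE-0000-PLACEHOLDER-B", "PkgName": "libother",
                 "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "CRITICAL"},
                # Fixed but LOW: dropped by the severity threshold.
                {"VulnerabilityID": "CVE-0000-PLACEHOLDER-C", "PkgName": "libthird",
                 "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "LOW"},
            ],
        },
        # Trivy emits null (not []) for a target with no findings; handle both.
        {"Target": "secrets-store-csi", "Class": "lang-pkgs", "Type": "gobinary",
         "Vulnerabilities": None},
    ],
}


def filter_findings(report, severities=DEFAULT_SEVERITIES, ignore_unfixed=True):
    """Return the findings that survive the severity and fixed-version policy."""
    wanted = set(severities)
    kept = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            severity = vuln.get("Severity", "UNKNOWN")
            if severity not in wanted:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            kept.append({"Target": result.get("Target"), **vuln})
    return kept


def summarize(findings, severities=DEFAULT_SEVERITIES):
    """Per-severity counts in the same form as Trivy's 'Total: N (...)' line."""
    counts = Counter(f["Severity"] for f in findings)
    # Order the summary from lowest to highest severity, as Trivy does.
    ordered = [s for s in SEVERITY_ORDER if s in severities]
    return {"Total": len(findings), **{s: counts.get(s, 0) for s in ordered}}


def format_summary(summary):
    parts = ", ".join(f"{k}: {v}" for k, v in summary.items() if k != "Total")
    return f"Total: {summary['Total']} ({parts})"


def gate(report, severities=DEFAULT_SEVERITIES, ignore_unfixed=True):
    """Exit status the scan would produce under --exit-code 1: 1 if anything survives."""
    return 1 if filter_findings(report, severities, ignore_unfixed) else 0


def load_report(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    findings = filter_findings(report)
    for f in findings:
        print(f"{f['Target']}: {f['VulnerabilityID']} {f['PkgName']} "
              f"{f['InstalledVersion']} -> {f['FixedVersion']} [{f['Severity']}]")
    print(format_summary(summarize(findings)))
    sys.exit(gate(report))
```

Run without arguments it evaluates the embedded sample; with a path it evaluates a real `trivy image -f json -o report.json ...` output. Dropping `--ignore-unfixed` (here `ignore_unfixed=False`) is the stricter choice when an image is built on a base whose distribution has not yet shipped a fix, since those findings are still present in the image even though nothing can be upgraded yet.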

k8s-ci-robot commented 3 months ago

@aramase: Closing this issue.

In response to [this](https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/1568#issuecomment-2299760990):

> [v1.4.5](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.4.5) released and doesn't contain any CVEs.
>
> ```bash
> ➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/csi-secrets-store/driver:v1.4.5
> 2024-08-20T14:00:08.934-0700    INFO    Need to update DB
> 2024-08-20T14:00:08.934-0700    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
> 2024-08-20T14:00:08.934-0700    INFO    Downloading DB...
> 51.71 MiB / 51.71 MiB [-------------------------------------------------------------------------------------------------------------------------------] 100.00% 23.19 MiB p/s 2.4s
> 2024-08-20T14:00:12.403-0700    INFO    Vulnerability scanning is enabled
> 2024-08-20T14:00:12.403-0700    INFO    Secret scanning is enabled
> 2024-08-20T14:00:12.403-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
> 2024-08-20T14:00:12.403-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
> 2024-08-20T14:00:15.428-0700    INFO    Detected OS: debian
> 2024-08-20T14:00:15.428-0700    INFO    Detecting Debian vulnerabilities...
> 2024-08-20T14:00:15.436-0700    INFO    Number of language-specific files: 1
> 2024-08-20T14:00:15.437-0700    INFO    Detecting gobinary vulnerabilities...
>
> registry.k8s.io/csi-secrets-store/driver:v1.4.5 (debian 12.6)
>
> Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)
> ```
>
> Closing this issue now. As per cadence, the next release will be next month.
>
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.