kyverno / kyverno

Cloud Native Policy Management
https://kyverno.io
Apache License 2.0
5.71k stars 873 forks source link

Report the use of components with vulnerabilities kyverno #10202

Closed HouqiyuA closed 3 months ago

HouqiyuA commented 6 months ago

Kyverno Version

1.12.0

Description

Dear Team Members: Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.

Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.

Qiyu Hou

kyverno-main_report.json

Slack discussion

No response

Troubleshooting

welcome[bot] commented 6 months ago

Thanks for opening your first issue here! Be sure to follow the issue template!

chipzoller commented 3 months ago

None of the affected packages impact the latest release (1.12.5). Closing.