Rebuilding with the latest golang:1.20-alpine should utilize 1.20.5 instead of 1.20.2 which will address most of these go related vulnerabilities, particularly the critical ones.
> grype golang:1.20.2-alpine --add-cpes-if-none --by-cve ok 18s 06/12/23 11:41:41 AM
✔ Vulnerability DB [no update available]
✔ Pulled image
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [39 packages]
✔ Scanning image... [13 vulnerabilities]
├── 2 critical, 7 high, 4 medium, 0 low, 0 negligible
└── 4 fixed
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
go 1.20.2 binary CVE-2020-29509 Medium
go 1.20.2 binary CVE-2020-29511 Medium
go 1.20.2 binary CVE-2023-24534 High
go 1.20.2 binary CVE-2023-24536 High
go 1.20.2 binary CVE-2023-24537 High
go 1.20.2 binary CVE-2023-24538 Critical
go 1.20.2 binary CVE-2023-24539 High
go 1.20.2 binary CVE-2023-24540 Critical
go 1.20.2 binary CVE-2023-29400 High
libcrypto3 3.0.8-r3 3.0.8-r4 apk CVE-2023-1255 Medium
libcrypto3 3.0.8-r3 3.0.9-r0 apk CVE-2023-2650 High
libssl3 3.0.8-r3 3.0.8-r4 apk CVE-2023-1255 Medium
libssl3 3.0.8-r3 3.0.9-r0 apk CVE-2023-2650 High
Rebuilding with the latest
golang:1.20-alpine
should utilize 1.20.5 instead of 1.20.2 which will address most of these go related vulnerabilities, particularly the critical ones.