~/programs/pf9/luigi/dhcp-controller master !2 х INT Py base 02:53:24 PM
❯ trivy image -s CRITICAL,HIGH artifactory.platform9.horse/docker-local/pf9-dhcp-controller:v1.0
2023-09-27T14:53:35.396+0530 INFO Vulnerability scanning is enabled
2023-09-27T14:53:35.396+0530 INFO Secret scanning is enabled
2023-09-27T14:53:35.396+0530 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-09-27T14:53:35.396+0530 INFO Please see also https://aquasecurity.github.io/trivy/v0.45/docs/scanner/secret/#recommendation for faster secret detection
2023-09-27T14:53:36.677+0530 WARN Parse error {"file": "var/lib/dpkg/status.d/base-files.md5sums", "error": "malformed MIME header: missing colon: \"ea85a9fb8526e81b3ffe5dcdf209112e usr/lib/os-release\""}
2023-09-27T14:53:36.733+0530 INFO Detected OS: debian
2023-09-27T14:53:36.734+0530 INFO Detecting Debian vulnerabilities...
2023-09-27T14:53:36.734+0530 INFO Number of language-specific files: 1
2023-09-27T14:53:36.734+0530 INFO Detecting gobinary vulnerabilities...
artifactory.platform9.horse/docker-local/pf9-dhcp-controller:v1.0 (debian 11.7)
Total: 0 (HIGH: 0, CRITICAL: 0)
~/programs/pf9/luigi/dhcp-controller master Py base 02:45:14 PM
❯ trivy image -s CRITICAL,HIGH docker.io/platform9/pf9-dhcp-controller:v1.0
2023-09-27T14:45:59.726+0530 INFO Vulnerability scanning is enabled
2023-09-27T14:45:59.726+0530 INFO Secret scanning is enabled
2023-09-27T14:45:59.726+0530 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-09-27T14:45:59.726+0530 INFO Please see also https://aquasecurity.github.io/trivy/v0.45/docs/scanner/secret/#recommendation for faster secret detection
2023-09-27T14:45:59.748+0530 INFO Detected OS: debian
2023-09-27T14:45:59.748+0530 INFO Detecting Debian vulnerabilities...
2023-09-27T14:45:59.748+0530 INFO Number of language-specific files: 1
2023-09-27T14:45:59.748+0530 INFO Detecting gobinary vulnerabilities...
docker.io/platform9/pf9-dhcp-controller:v1.0 (debian 11.7)
Total: 0 (HIGH: 0, CRITICAL: 0)
manager (gobinary)
Total: 6 (HIGH: 5, CRITICAL: 1)
┌────────────────────────────────┬────────────────┬──────────┬────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────┼────────────────┼──────────┼────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ fixed │ v2.15.0+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │
├────────────────────────────────┼────────────────┼──────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191 │ HIGH │ │ v0.0.0-20220214200702-86341886e292 │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │
├────────────────────────────────┼────────────────┤ │ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2022-27664 │ │ │ v0.0.0-20220225172249-27dd8689420f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │
│ ├────────────────┤ │ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-41723 │ │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │
├────────────────────────────────┼────────────────┤ │ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2022-32149 │ │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │
├────────────────────────────────┼────────────────┤ │ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ gopkg.in/yaml.v3 │ CVE-2022-28948 │ │ │ v3.0.0-20210107192922-496545a6307b │ 3.0.0-20220521103104-8f96da9f5d5e │ crash when attempting to deserialize invalid input │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-28948 │
└────────────────────────────────┴────────────────┴──────────┴────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘
Backport https://github.com/platform9/luigi/pull/104 security fixes

Jira: PMK-6031