Closed skuethe closed 6 days ago
Okay, give v1.4.1.1 a try.
trivy image --severity CRITICAL --ignore-unfixed docker.io/sqitch/sqitch:v1.4.1.1
2024-07-03T08:28:17.204+0200 INFO Vulnerability scanning is enabled
2024-07-03T08:28:17.204+0200 INFO Secret scanning is enabled
2024-07-03T08:28:17.204+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-03T08:28:17.204+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-07-03T08:28:20.983+0200 INFO Detected OS: debian
2024-07-03T08:28:20.983+0200 INFO Detecting Debian vulnerabilities...
2024-07-03T08:28:21.011+0200 INFO Number of language-specific files: 0
docker.io/sqitch/sqitch:v1.4.1.1 (debian 12.6)
Total: 0 (CRITICAL: 0)
Thank you for the fast fix! 👍🏽
Hey there,
thank you for this image. Currently our trivy scans block sqitch/sqitch:latest with a fixable critical vulnerability of CVE-2023-36328.
I scanned the upstream image docker.io/library/debian:bookworm-slim but that goes through. I also tried building the image locally to figure out if the vuln is introduced by some RUN command, but I am having some troubles with the build since I am using non-root podman instead of docker and those find .. -delete commands are breaking stuff for me.
My guess is that using the up-to-date upstream version just fixes this problem. Could you verify and / or release a new version for this?
Thanks, much appreciated!