Vulnerabilities on this image #64

jribmartins · 2023-10-10T07:53:10Z

This image has some high vulnerabilities:

CVE-2023-38039 (alpine version should be update)
The library github.com/docker/docker version 23.0.1+incompatible was detected in Golang binary located at /usr/bin/helm and is vulnerable to CVE-2023-28840, which exists in versions >= 23.0.0, < 23.0.3.
CVE-2023-28840 (helm version should be updated)
The package curl version 8.2.1-r0 was detected in APK package manager on a container image running Alpine 3.18.3 is vulnerable to CVE-2023-38039, which exists in versions < 8.3.0-r0.

ozbillwang · 2023-10-10T12:14:44Z

I guess you run the test on current latest versions, right?

1.28.2 1.27.6 1.26.9 1.25.14

I run with trivy scan, but get different result

ozbillwang pushed a commit that referenced this issue Oct 10, 2023

#64 - add trivy scan in pipeine

c7c54f7

ozbillwang pushed a commit that referenced this issue Oct 10, 2023

#64 - add trivy scan in pipeine

a74bd34

ozbillwang pushed a commit that referenced this issue Oct 10, 2023

#64 - add trivy scan in pipeine

d954f7c

ozbillwang pushed a commit that referenced this issue Oct 10, 2023

#64 - add trivy scan in pipeine

a43f550

ozbillwang pushed a commit that referenced this issue Oct 10, 2023

#64 - add trivy scan in pipeine

d4485c7

ozbillwang closed this as completed in e6aafc2 Oct 25, 2023

Provide feedback