Security Alert: 1.13.37 #9478
History

This is a subset of errors that were first encountered in #9443. @sheidkamp opened a PR #9452 to resolve this.

Local Run

When I run the scan locally:
I do not get any errors:
I noticed that the version of trivy that I had installed:
Did not match the version used in CI (see below):
I noticed that we actually ignore the vulnerabilities that are reported, so I ran the local scan again:
Again, I saw no vulnerabilities listed (as expected).

Most recent CI run

From the logs of the most recent security scan (logs), I see:
But I don't see any comment on the issue, or update to indicate that the job performed an update.
There is an open conversation around the two approaches we can take to solve this:
I am happy with either direction that is chosen. Given that this is remaining work left over from the previous effort to fix these vulnerabilities, I am assigning this to @sheidkamp
quay.io/solo-io/kubectl:1.13.37
No Vulnerabilities Found for quay.io/solo-io/kubectl:1.13.37 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/kubectl