Image scanning
I ran Trivy to scan the ghcr.io/interlynk-io/sbomqs:v0.1.7 image and found multiple vulnerabilities. Below are the details of the scan:
$ trivy image ghcr.io/interlynk-io/sbomqs:v0.1.7
2024-07-22T22:14:55+05:30 INFO Vulnerability scanning is enabled
2024-07-22T22:14:55+05:30 INFO Secret scanning is enabled
2024-07-22T22:14:55+05:30 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-22T22:14:55+05:30 INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-22T22:15:00+05:30 INFO Number of language-specific files num=1
2024-07-22T22:15:00+05:30 INFO [gobinary] Detecting vulnerabilities...
2024-07-22T22:15:00+05:30 WARN Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.53/docs/scanner/vulnerability#severity-selection for details.
app/sbomqs (gobinary)
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 1)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib │ CVE-2024-24790 │ CRITICAL │ fixed │ 1.22.2 │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │
│ │ │ │ │ │ │ IPv4-mapped IPv6 addresses │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24790 │
│ ├────────────────┼──────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-24788 │ HIGH │ │ │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │
│ ├────────────────┼──────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-24789 │ MEDIUM │ │ │ 1.21.11, 1.22.4 │ golang: archive/zip: Incorrect handling of certain ZIP files │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24789 │
│ ├────────────────┤ │ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-24791 │ │ │ │ 1.21.12, 1.22.5 │ net/http: Denial of service due to improper 100-continue │
│ │ │ │ │ │ │ handling in net/http │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24791 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘
Repository scanning
Whereas repository scanning didn't find any such vulnerabilities.
$ trivy repository https://github.com/interlynk-io/sbomqs
2024-07-22T22:21:27+05:30 INFO Vulnerability scanning is enabled
2024-07-22T22:21:27+05:30 INFO Secret scanning is enabled
2024-07-22T22:21:27+05:30 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-22T22:21:27+05:30 INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
Enumerating objects: 743, done.
Counting objects: 100% (743/743), done.
Compressing objects: 100% (442/442), done.
Total 743 (delta 489), reused 480 (delta 283), pack-reused 0
2024-07-22T22:21:30+05:30 INFO Number of language-specific files num=1
2024-07-22T22:21:30+05:30 INFO [gomod] Detecting vulnerabilities...
Solution
We should patch up these vulnerabilities.
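Working out the smallest Go toolchain bump that clears all four stdlib findings in the table above, as an added example that is not part of the original issue or the sbomqs project. `fixedIn` is copied from the table's Fixed Version column; `parse` and `minimalUpgrade` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed from the "Fixed Version" column of the Trivy table above.
var fixedIn = map[string]string{
	"CVE-2024-24790": "1.21.11, 1.22.4",
	"CVE-2024-24788": "1.22.3",
	"CVE-2024-24789": "1.21.11, 1.22.4",
	"CVE-2024-24791": "1.21.12, 1.22.5",
}

// parse turns "1.22.4" into major, minor and patch numbers.
func parse(v string) (p [3]int, err error) {
	_, err = fmt.Sscanf(strings.TrimSpace(v), "%d.%d.%d", &p[0], &p[1], &p[2])
	return p, err
}

// minimalUpgrade returns the lowest patch release on the installed major.minor line that includes every listed fix.
func minimalUpgrade(installed string, fixes map[string]string) (string, error) {
	need, err := parse(installed)
	if err != nil {
		return "", err
	}
	for cve, list := range fixes {
		found := false
		for _, f := range strings.Split(list, ",") {
			fv, err := parse(f)
			if err != nil {
				return "", err
			}
			if fv[0] == need[0] && fv[1] == need[1] {
				found = true
				if fv[2] > need[2] {
					need[2] = fv[2]
				}
			}
		}
		if !found {
			return "", fmt.Errorf("%s: no fix listed for %d.%d", cve, need[0], need[1])
		}
	}
	return fmt.Sprintf("%d.%d.%d", need[0], need[1], need[2]), nil
}

func main() { fmt.Println(minimalUpgrade("1.22.2", fixedIn)) }
```

An error return means the table lists no fix on the installed release line for some CVE, so that advisory has to be read by hand before choosing a version.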