updated trivy scan results

suxess-it · Jan 8, 2025 · 09f3793 · 09f3793
1 parent 684a2ea
commit 09f3793
Show file tree

Hide file tree

Showing 11 changed files with 94 additions and 572 deletions.
diff --git a/trivy-reports/report-argocd_argocd_v2.13.2.md b/trivy-reports/report-argocd_argocd_v2.13.2.md
@@ -3,7 +3,7 @@
 <h4>No Vulnerabilities found</h4>
 <h4>No Misconfigurations found</h4>
 <h3>Target <code>usr/local/bin/argocd</code></h3>
-<h4>Vulnerabilities (3)</h4>
+<h4>Vulnerabilities (4)</h4>
 <table>
     <tr>
         <th>Package</th>
@@ -12,6 +12,13 @@
         <th>Installed Version</th>
         <th>Fixed Version</th>
     </tr>
+    <tr>
+        <td><code>github.com/go-git/go-git/v5</code></td>
+        <td>CVE-2025-21613</td>
+        <td>CRITICAL</td>
+        <td>v5.12.0</td>
+        <td>5.13.0</td>
+    </tr>
     <tr>
         <td><code>github.com/go-git/go-git/v5</code></td>
         <td>CVE-2025-21614</td>

diff --git a/trivy-reports/report-backstage_sx-backstage_v1.32.5.md b/trivy-reports/report-backstage_sx-backstage_v1.32.5.md
@@ -1,6 +1,6 @@
 
 <h3>Target <code>ghcr.io/suxess-it/sx-backstage:v1.32.5 (debian 12.7)</code></h3>
-<h4>Vulnerabilities (114)</h4>
+<h4>Vulnerabilities (113)</h4>
 <table>
     <tr>
         <th>Package</th>
@@ -338,13 +338,6 @@
         <td>6.1.112-1</td>
         <td>6.1.115-1</td>
     </tr>
-    <tr>
-        <td><code>linux-libc-dev</code></td>
-        <td>CVE-2024-49967</td>
-        <td>HIGH</td>
-        <td>6.1.112-1</td>
-        <td>6.1.115-1</td>
-    </tr>
     <tr>
         <td><code>linux-libc-dev</code></td>
         <td>CVE-2024-49969</td>

diff --git a/trivy-reports/report-k8s-monitoring_alloy_v1.5.1.md b/trivy-reports/report-k8s-monitoring_alloy_v1.5.1.md
@@ -3,7 +3,7 @@
 <h4>No Vulnerabilities found</h4>
 <h4>No Misconfigurations found</h4>
 <h3>Target <code>usr/bin/alloy</code></h3>
-<h4>Vulnerabilities (3)</h4>
+<h4>Vulnerabilities (4)</h4>
 <table>
     <tr>
         <th>Package</th>
@@ -12,6 +12,13 @@
         <th>Installed Version</th>
         <th>Fixed Version</th>
     </tr>
+    <tr>
+        <td><code>github.com/go-git/go-git/v5</code></td>
+        <td>CVE-2025-21613</td>
+        <td>CRITICAL</td>
+        <td>v5.11.0</td>
+        <td>5.13.0</td>
+    </tr>
     <tr>
         <td><code>github.com/go-git/go-git/v5</code></td>
         <td>CVE-2025-21614</td>

diff --git a/trivy-reports/report-kargo_kargo_v1.1.2.md b/trivy-reports/report-kargo_kargo_v1.1.2.md
@@ -32,7 +32,7 @@
 </table>
 <h4>No Misconfigurations found</h4>
 <h3>Target <code>usr/local/bin/kargo</code></h3>
-<h4>Vulnerabilities (3)</h4>
+<h4>Vulnerabilities (4)</h4>
 <table>
     <tr>
         <th>Package</th>
@@ -41,6 +41,13 @@
         <th>Installed Version</th>
         <th>Fixed Version</th>
     </tr>
+    <tr>
+        <td><code>github.com/go-git/go-git/v5</code></td>
+        <td>CVE-2025-21613</td>
+        <td>CRITICAL</td>
+        <td>v5.12.0</td>
+        <td>5.13.0</td>
+    </tr>
     <tr>
         <td><code>github.com/go-git/go-git/v5</code></td>
         <td>CVE-2025-21614</td>

diff --git a/trivy-reports/report-kyverno_kyverno-cli_v1.13.2.md b/trivy-reports/report-kyverno_kyverno-cli_v1.13.2.md
@@ -3,7 +3,7 @@
 <h4>No Vulnerabilities found</h4>
 <h4>No Misconfigurations found</h4>
 <h3>Target <code>ko-app/kubectl-kyverno</code></h3>
-<h4>Vulnerabilities (3)</h4>
+<h4>Vulnerabilities (4)</h4>
 <table>
     <tr>
         <th>Package</th>
@@ -12,6 +12,13 @@
         <th>Installed Version</th>
         <th>Fixed Version</th>
     </tr>
+    <tr>
+        <td><code>github.com/go-git/go-git/v5</code></td>
+        <td>CVE-2025-21613</td>
+        <td>CRITICAL</td>
+        <td>v5.12.0</td>
+        <td>5.13.0</td>
+    </tr>
     <tr>
         <td><code>github.com/go-git/go-git/v5</code></td>
         <td>CVE-2025-21614</td>

diff --git a/trivy-reports/report-tempo_tempo-query_2.5.0.md b/trivy-reports/report-tempo_tempo-query_2.5.0.md
diff --git a/trivy-reports/report-tempo_tempo-query_2.6.1.md b/trivy-reports/report-tempo_tempo-query_2.6.1.md
@@ -0,0 +1,23 @@
+
+<h3>Target <code>grafana/tempo-query:2.6.1 (alpine 3.20.3)</code></h3>
+<h4>No Vulnerabilities found</h4>
+<h4>No Misconfigurations found</h4>
+<h3>Target <code>tempo-query</code></h3>
+<h4>Vulnerabilities (1)</h4>
+<table>
+    <tr>
+        <th>Package</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+    </tr>
+    <tr>
+        <td><code>golang.org/x/net</code></td>
+        <td>CVE-2024-45338</td>
+        <td>HIGH</td>
+        <td>v0.27.0</td>
+        <td>0.33.0</td>
+    </tr>
+</table>
+<h4>No Misconfigurations found</h4>
diff --git a/trivy-reports/report-tempo_tempo_2.5.0.md b/trivy-reports/report-tempo_tempo_2.5.0.md
diff --git a/trivy-reports/report-tempo_tempo_2.6.1.md b/trivy-reports/report-tempo_tempo_2.6.1.md
@@ -0,0 +1,30 @@
+
+<h3>Target <code>grafana/tempo:2.6.1 (alpine 3.20.3)</code></h3>
+<h4>No Vulnerabilities found</h4>
+<h4>No Misconfigurations found</h4>
+<h3>Target <code>tempo</code></h3>
+<h4>Vulnerabilities (2)</h4>
+<table>
+    <tr>
+        <th>Package</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+    </tr>
+    <tr>
+        <td><code>golang.org/x/crypto</code></td>
+        <td>CVE-2024-45337</td>
+        <td>CRITICAL</td>
+        <td>v0.25.0</td>
+        <td>0.31.0</td>
+    </tr>
+    <tr>
+        <td><code>golang.org/x/net</code></td>
+        <td>CVE-2024-45338</td>
+        <td>HIGH</td>
+        <td>v0.27.0</td>
+        <td>0.33.0</td>
+    </tr>
+</table>
+<h4>No Misconfigurations found</h4>