Trivy vulnerabilities

[akutuev]

Hello,

Running trivy, I see there are few vulnerabilities in version 1.4.4:

Might I ask you to take a look please?

Thanks

[dwickr]

This likely will be fixed by #1601

[aramase]

v1.4.5 released and doesn't contain any CVEs.

➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/csi-secrets-store/driver:v1.4.5
2024-08-20T14:00:08.934-0700	INFO	Need to update DB
2024-08-20T14:00:08.934-0700	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2024-08-20T14:00:08.934-0700	INFO	Downloading DB...
51.71 MiB / 51.71 MiB [-------------------------------------------------------------------------------------------------------------------------------] 100.00% 23.19 MiB p/s 2.4s
2024-08-20T14:00:12.403-0700	INFO	Vulnerability scanning is enabled
2024-08-20T14:00:12.403-0700	INFO	Secret scanning is enabled
2024-08-20T14:00:12.403-0700	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-20T14:00:12.403-0700	INFO	Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-08-20T14:00:15.428-0700	INFO	Detected OS: debian
2024-08-20T14:00:15.428-0700	INFO	Detecting Debian vulnerabilities...
2024-08-20T14:00:15.436-0700	INFO	Number of language-specific files: 1
2024-08-20T14:00:15.437-0700	INFO	Detecting gobinary vulnerabilities...

registry.k8s.io/csi-secrets-store/driver:v1.4.5 (debian 12.6)

Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Closing this issue now. As per cadence, the next release will be next month.

/close

[k8s-ci-robot]

@aramase: Closing this issue.

In response to this:

v1.4.5 released and doesn't contain any CVEs.

➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/csi-secrets-store/driver:v1.4.5
2024-08-20T14:00:08.934-0700	INFO	Need to update DB
2024-08-20T14:00:08.934-0700	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2024-08-20T14:00:08.934-0700	INFO	Downloading DB...
51.71 MiB / 51.71 MiB [-------------------------------------------------------------------------------------------------------------------------------] 100.00% 23.19 MiB p/s 2.4s
2024-08-20T14:00:12.403-0700	INFO	Vulnerability scanning is enabled
2024-08-20T14:00:12.403-0700	INFO	Secret scanning is enabled
2024-08-20T14:00:12.403-0700	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-20T14:00:12.403-0700	INFO	Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-08-20T14:00:15.428-0700	INFO	Detected OS: debian
2024-08-20T14:00:15.428-0700	INFO	Detecting Debian vulnerabilities...
2024-08-20T14:00:15.436-0700	INFO	Number of language-specific files: 1
2024-08-20T14:00:15.437-0700	INFO	Detecting gobinary vulnerabilities...

registry.k8s.io/csi-secrets-store/driver:v1.4.5 (debian 12.6)

Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Closing this issue now. As per cadence, the next release will be next month.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.