Update VEX Hub reports (#72)

rancher · Jan 17, 2025 · 1d30ba8 · 1d30ba8
1 parent 79454f8
commit 1d30ba8
Show file tree

Hide file tree

Showing 4 changed files with 3,674 additions and 3,607 deletions.
diff --git a/index.json b/index.json
@@ -781,6 +781,10 @@
       "id": "pkg:golang/k8s.io/apiserver",
       "location": "pkg/golang/k8s.io/apiserver/scan.openvex.json"
     },
+    {
+      "id": "pkg:golang/k8s.io/autoscaler/addon-resizer",
+      "location": "pkg/golang/k8s.io/autoscaler/addon-resizer/scan.openvex.json"
+    },
     {
       "id": "pkg:golang/k8s.io/client-go",
       "location": "pkg/golang/k8s.io/client-go/scan.openvex.json"

diff --git a/pkg/golang/k8s.io/autoscaler/addon-resizer/scan.openvex.json b/pkg/golang/k8s.io/autoscaler/addon-resizer/scan.openvex.json
@@ -0,0 +1,36 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@id": "https://openvex.dev/docs/public/vex-448cca1c5fcf94ecb7030d60b08ef39b387f34f5faaa2be0e8e1f61f31124f1b",
+  "author": "Rancher Security team",
+  "timestamp": "2024-07-12T17:54:37.399069972-03:00",
+  "last_updated": "2025-01-17T21:03:04.111962761Z",
+  "version": 2,
+  "statements": [
+    {
+      "vulnerability": {
+        "name": "GO-2024-3333",
+        "aliases": [
+          "CVE-2024-45338",
+          "GHSA-w32m-9786-jp63"
+        ]
+      },
+      "timestamp": "2025-01-17T21:03:04.111963081Z",
+      "products": [
+        {
+          "@id": "pkg:golang/k8s.io/autoscaler/addon-resizer",
+          "subcomponents": [
+            {
+              "@id": "pkg:golang/golang.org/x/net@v0.23.0"
+            },
+            {
+              "@id": "pkg:golang/golang.org/x/net@0.23.0"
+            }
+          ]
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_not_present",
+      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
+    }
+  ]
+}