-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm chartmuseum image vulnerabilities #512
Comments
hi @olivejing, most of these findings have been resolved and will be included in the next release. There are a few related to various transitive dependencies (like github.com/dgrijalva/jwt-go) that need to be tracked down. |
Also see https://artifacthub.io/packages/helm/chartmuseum/chartmuseum?modal=security-report for more image vulnerabilities . |
@nerdeveloper yep a new release will pull the latest version. All of these have been resolved besides CVE-2020-26160, but lets track that one in #567 and close this issue. |
@cbuto jwt-go is an indirect dependency and is included by our upstream's upstream :( |
I prefer to reopen this issue to track containerd's security issue reported by our dependabot bot here , and also depends on helm's upgrade helm/helm#10717 |
@scbizu the containerd CVEs reported in this issue are different then the CVE that dependabot is reporting. These CVEs have been resolved. |
oh, sorry . Should we close this one and open a new issue to track ? |
No problem! Yeah it might be a good idea to track that one separately |
Closes this one due to the #568 will track all CVE issues |
I used v0.13.1, helm chartmuseum image vulnerabilities were found during trivy scan.
The text was updated successfully, but these errors were encountered: