kots/1.117.5 package update #30365

Merged: 1 commit merged into main from wolfictl-27073d65-376a-4c2a-9f96-fde16d6a81af on Oct 8, 2024

Conversation

octo-sts[bot] (Contributor) commented Oct 8, 2024

octo-sts bot added labels on Oct 8, 2024: request-version-update (request for a newer version of a package), automated pr, P1 (This label indicates our scanning found High, Medium or Low CVEs for these packages.)

github-actions bot (Contributor) commented Oct 8, 2024

Package kots:
Modified: /usr/bin/kots
Modified: /usr/bin/kotsadm

Package kots-symlink-compat:
Unchanged

malcontent found differences:

Deleted: kots-symlink-compat/var/lib/db/sbom/kots-symlink-compat-1.117.4-r0.spdx.json [⚠️ MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/edc0cb2074b76bf76f4ab8362bdf |

Added: kots-symlink-compat/var/lib/db/sbom/kots-symlink-compat-1.117.5-r0.spdx.json [⚠️ MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/8a8618a7cc6eb86dd1d7c0c2be02 |

Changed: /tmp/wolfictl-apk-656750591/kots/usr/bin/kotsadm

1 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | security_controls/linux/ufw | interacts with the ufw firewall | allow, deny, disable, enable, ufw |

Changed: /tmp/wolfictl-apk-656750591/kots/usr/bin/kots

Moved: kots/var/lib/db/sbom/kots-1.117.4-r0.spdx.json -> /tmp/wolfictl-apk-656750591/kots/var/lib/db/sbom/kots-1.117.5-r0.spdx.json (similarity: 0.99)

octo-sts bot added the bincapz/blocking label (Bincapz (aka malcontent) scan results detected CRITICALs on the packages.) on Oct 8, 2024

octo-sts bot (Contributor, Author) commented Oct 8, 2024

malcontent detected files with a risk score equal or higher than 'CRITICAL':

/tmp/malcontent1378100500/packages/x86_64/kots-1.117.5-r0.apk/usr/bin/kots [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |

egibs added the malcontent/reviewed label (The malcontent findings in this PR have been manually reviewed by security.) on Oct 8, 2024
mamccorm merged commit 25e36cc into main on Oct 8, 2024
15 checks passed
mamccorm deleted the wolfictl-27073d65-376a-4c2a-9f96-fde16d6a81af branch on October 8, 2024 at 23:10

3 participants