Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE(s) found #2264

Closed
github-actions bot opened this issue Sep 19, 2024 · 2 comments
Closed

CVE(s) found #2264

github-actions bot opened this issue Sep 19, 2024 · 2 comments
Labels
cve type/bug Issue that reports an unexpected behaviour.
Milestone
0.36.0

Comments

@github-actions
Copy link

Latest buildpacksio/pack v0.35.1 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/pack/actions/runs/10933329037
@github-actions github-actions bot added cve status/triage Issue or PR that requires contributor attention. type/bug Issue that reports an unexpected behaviour. labels Sep 19, 2024
@natalieparellano natalieparellano added status/in-progress Issue or PR that is currently in progress. and removed status/triage Issue or PR that requires contributor attention. labels Nov 22, 2024
@natalieparellano natalieparellano added this to the 0.36.0 milestone Nov 22, 2024
@natalieparellano
Copy link
Member

These should be silenced in pack 0.36.0

@jjbustamante
Copy link
Member

After releasin pack 0.36.0

> grype buildpacksio/pack:0.36.0
 ✔ Vulnerability DB                [updated]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                                                                                 buildpacksio/pack:0.36.0
 ✔ Parsed image                                                                                  sha256:6f0e7e0f5755623577ce5c51137570402dd1abb38abd1aa55a88d3b3cc259db1
 ✔ Cataloged contents                                                                                   03bf6d102406e2171921130802984e1ab4b817af038302f96288d50d038f87e3
   ├── ✔ Packages                        [125 packages]  
   ├── ✔ File digests                    [942 files]  
   ├── ✔ File metadata                   [942 locations]  
   └── ✔ Executables                     [1 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found
A newer version of grype is available for download: 0.85.0 (installed version is 0.82.1)

@jjbustamante jjbustamante removed the status/in-progress Issue or PR that is currently in progress. label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cve type/bug Issue that reports an unexpected behaviour.
Projects
None yet
Milestone
0.36.0
Development

No branches or pull requests
2 participants
@jjbustamante @natalieparellano