Is it possible to check the results of your vulnerability scans, which are done every night with anchore-grype? This could be a good complement (I noticed that the results are shown in a txt file, but I couldn't find the results in this repository).
Thank you!
Hello team,
I am writing to you because of the following:
Reviewing past vulnerabilities found in Kaniko, I encountered the Platform One log for hardened containers, and there is a Kaniko repo there as well:
Overview - Iron Bank
Iron Bank Containers / Opensource / Kaniko / Kaniko - GitLab
Iron Bank Containers / dccscr - GitLab
Now, checking their pipeline (they use some tools, like anchore-scan, openscap-compliance and twistlock-scan)
(https://repo1.dso.mil/dsop/opensource/kaniko/kaniko/-/pipelines/3142932)
I noticed that in their last scan, a vulnerability was found:
twistlock-scan (#33588235) - Jobs - Iron Bank Containers / Opensource / Kaniko / Kaniko - GitLab (CVE-2023-45288 - Moderate)
I understand that the scanned version in this repo is kaniko:v1.22.0, which is the latest released version (Release 2024-03-26) Release v1.22.0 Release - GoogleContainerTools/kaniko
Questions:
Thank you!