You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened:
Related to bug reported in #1370, quay.io/calico/kube-controllers:v3.20.0 image does not have Go compiler but only contains a binary that was compiled with the Go compiler and statically linked against the Go runtime library.
What happened:
Related to bug reported in #1370,
quay.io/calico/kube-controllers:v3.20.0
image does not have Go compiler but only contains a binary that was compiled with the Go compiler and statically linked against the Go runtime library.The issue was fixed in anchore/syft#2195, however, now it's reporting false positive CVE's that only affect to Go compiler itself: CVE-2023-29402, CVE-2023-29404 and CVE-2023-29405:
What you expected to happen:
It should only report CVE-2023-29403 since that's the only vulnerability that affects the runtime library:
How to reproduce it (as minimally and precisely as possible):
Run
Anything else we need to know?:
Environment:
grype version
:cat /etc/os-release
or similar):The text was updated successfully, but these errors were encountered: