Add SBOM and Vulnerability Reports
github-actions[bot] committed Jan 19, 2025
1 parent e1f0583 commit 4b01daf
Showing 12 changed files with 140,117 additions and 24,676 deletions.
24,932 changes: 12,259 additions & 12,673 deletions .sboms/amd64.json

Large diffs are not rendered by default.

92 changes: 48 additions & 44 deletions .sboms/amd64.txt

Large diffs are not rendered by default.

23,372 changes: 11,481 additions & 11,891 deletions .sboms/arm64.json

Large diffs are not rendered by default.

92 changes: 48 additions & 44 deletions .sboms/arm64.txt

Large diffs are not rendered by default.

57,824 changes: 57,824 additions & 0 deletions .sboms/v2.0.1-amd64.json

Large diffs are not rendered by default.

238 changes: 238 additions & 0 deletions .sboms/v2.0.1-amd64.txt

Large diffs are not rendered by default.

57,821 changes: 57,821 additions & 0 deletions .sboms/v2.0.1-arm64.json

Large diffs are not rendered by default.

238 changes: 238 additions & 0 deletions .sboms/v2.0.1-arm64.txt

Large diffs are not rendered by default.

51 changes: 39 additions & 12 deletions .vulnerability-reports/amd64.txt
@@ -1,14 +1,41 @@

sbominify:v1.0.3-amd64 (alpine 3.20.2)
sbominify:v2.0.1-amd64 (alpine 3.20.2)
======================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2024-6119 │ MEDIUM │ fixed │ 3.3.1-r3 │ 3.3.2-r0 │ openssl: Possible denial of service in X.509 name checks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-6119 │
├────────────┤ │ │ │ │ │ │
│ libssl3 │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
Total: 4 (UNKNOWN: 0, LOW: 2, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2024-6119 │ MEDIUM │ fixed │ 3.3.1-r3 │ 3.3.2-r0 │ openssl: Possible denial of service in X.509 name checks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-6119 │
│ ├───────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤
│ │ CVE-2024-9143 │ LOW │ │ │ 3.3.2-r1 │ openssl: Low-level invalid GF(2^m) parameters lead to OOB │
│ │ │ │ │ │ │ memory access │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-9143 │
├────────────┼───────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤
│ libssl3 │ CVE-2024-6119 │ MEDIUM │ │ │ 3.3.2-r0 │ openssl: Possible denial of service in X.509 name checks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-6119 │
│ ├───────────────┼──────────┤ │ ├───────────────┼───────────────────────────────────────────────────────────┤
│ │ CVE-2024-9143 │ LOW │ │ │ 3.3.2-r1 │ openssl: Low-level invalid GF(2^m) parameters lead to OOB │
│ │ │ │ │ │ │ memory access │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-9143 │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

usr/local/bin/syft (gobinary)
=============================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 1)

┌─────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ github.com/go-git/go-git/v5 │ CVE-2025-21613 │ CRITICAL │ fixed │ v5.12.0 │ 5.13.0 │ go-git: argument injection via the URL field │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-21613 │
│ ├────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────┤
│ │ CVE-2025-21614 │ HIGH │ │ │ │ go-git: go-git clients vulnerable to DoS via maliciously │
│ │ │ │ │ │ │ crafted Git server replies... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-21614 │
├─────────────────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ │ │ v0.32.0 │ 0.33.0 │ golang.org/x/net/html: Non-linear parsing of │
│ │ │ │ │ │ │ case-insensitive content in golang.org/x/net/html │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45338 │
└─────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
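
Review bot: The new usr/local/bin/syft (gobinary) section at the end of this report lists one CRITICAL and two HIGH findings, all with Status "fixed", so the v2.0.1-amd64 image ships a bundled syft binary whose findings an upgrade would clear: github.com/go-git/go-git/v5 v5.12.0 (CVE-2025-21613 and CVE-2025-21614, fixed in 5.13.0) and golang.org/x/net v0.32.0 (CVE-2024-45338, fixed in 0.33.0). Suggest rebuilding the image with a syft build that pulls in go-git 5.13.0 or later and x/net 0.33.0 or later before tagging. The Alpine section has the same problem: libcrypto3 and libssl3 stay at 3.3.1-r3 in both the v1.0.3 and v2.0.1 reports while 3.3.2-r0 and 3.3.2-r1 are listed as fixed versions, so an apk upgrade of those two packages during the image build would remove all four entries. Because this commit comes from github-actions[bot] and only records the findings, consider having the workflow fail or open an issue when a finding with Status "fixed" is HIGH or above, instead of committing the report without any gate.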