Update Digests (+ grype) #3

Open
github-actions[bot] wants to merge 1 commit into main from grype-scan

@github-actions github-actions bot commented Apr 3, 2025

Update images digests

NONE

Changes

diff --git a/.ko.yaml b/.ko.yaml
index e8232ef..7ef1e9d 100644
--- a/.ko.yaml
+++ b/.ko.yaml
@@ -1 +1 @@
-defaultBaseImage: cgr.dev/chainguard/kubectl:latest-dev@sha256:d5f340d044438351413d6cb110f6f8a2abc45a7149aa53e6ade719f069fc3b0a
+defaultBaseImage: cgr.dev/chainguard/kubectl:latest-dev@sha256:349bd07f4583fa3f57366059127eb1e0ab3fa84e8e1ace84f6ee922801601498
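Review bot: The new `defaultBaseImage` still pins the `latest-dev` variant of the kubectl image; Chainguard's `-dev` variants add a shell and package manager on top of the minimal image, and every image ko builds from this base inherits them. If nothing at runtime needs a shell, point this at the non-dev tag and pin that digest instead.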
diff --git a/Dockerfile b/Dockerfile
index 6394767..ec6c889 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1 +1 @@
-FROM cgr.dev/chainguard/busybox:latest@sha256:257157f6c6aa88dd934dcf6c2f140e42c2653207302788c0ed3bebb91c5311e1
+FROM cgr.dev/chainguard/busybox:latest@sha256:ecc152fe3dece44e60d1aa0fbbefb624902b4af0e2ed8c2c84dfbce653ff064f
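Review bot: On the `FROM` line the digest is what gets pulled, so the `latest` tag beside it tells a reviewer nothing about which busybox build the new digest is. Consider having the workflow record the build date or a signature verification result for each new digest, so this one-line swap can be reviewed rather than accepted on trust.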
diff --git a/job.yaml b/job.yaml
index b45c500..4c812fd 100644
--- a/job.yaml
+++ b/job.yaml
@@ -8,7 +8,7 @@ spec:
     spec:
       restartPolicy: Never
       initContainers:
-      - image: cgr.dev/chainguard/cosign:latest-dev@sha256:09653ac03c1ac1502c3e3a8831ee79252414e4d659b423b71fb7ed8b097e9c88
-      - image: cgr.dev/chainguard/python:latest@sha256:fb0da8091fbdfbc7180f30f4e90940a65407979f3a6b26ee4951ac103b6d9e53
-      - image: registry.access.redhat.com/ubi9/openjdk-17-runtime:latest@sha256:3a241e7546d51ef6a15c7e524a43a5f9ebc9732b4d05073cef28c165a5318e9a
-      - image: chainguard/node:latest-dev@sha256:4f5d4f180749df83b007b2819e3094210742853395deb0cac28f3ce80433d308
+      - image: cgr.dev/chainguard/cosign:latest-dev@sha256:72139d03e46049e231b5edc0e24b10a4e37abe7b40672bc0ff57421c5266d714
+      - image: cgr.dev/chainguard/python:latest@sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0
+      - image: registry.access.redhat.com/ubi9/openjdk-17-runtime:latest@sha256:3395a6895e50c0526139b37759b6fa2c0b781f6ba4156cfe1dcdba8aea65a260
+      - image: chainguard/node:latest-dev@sha256:16a3ebe22cd42d944833cc121e321f1fc9550c4c7c73f33fea720e67acafbac5
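Review bot: The last `initContainers` entry, `chainguard/node:latest-dev`, has no registry host, unlike the `cgr.dev/...` and `registry.access.redhat.com/...` entries above it, so the registry it is pulled from depends on the node's default or short-name configuration. Write the registry out in full so the pin names the source as well as the content.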

ghost commented Apr 3, 2025

Wiz Scan Summary

Scanner Findings
Vulnerabilities
Sensitive Data
Secrets
IaC Misconfigurations 1 High 1 Medium 1 Low
Total 1 High 1 Medium 1 Low

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

github-actions bot commented Apr 3, 2025

Results of grype for each image.

cgr.dev/chainguard/busybox:latest ✅

sha256:ecc152fe3dece44e60d1aa0fbbefb624902b4af0e2ed8c2c84dfbce653ff064f

No vulnerabilities found.

cgr.dev/chainguard/kubectl:latest-dev ✅

sha256:349bd07f4583fa3f57366059127eb1e0ab3fa84e8e1ace84f6ee922801601498

No vulnerabilities found.

cgr.dev/chainguard/cosign:latest-dev ✅

sha256:72139d03e46049e231b5edc0e24b10a4e37abe7b40672bc0ff57421c5266d714

No vulnerabilities found.

cgr.dev/chainguard/python:latest ✅

sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0

No vulnerabilities found.

registry.access.redhat.com/ubi9/openjdk-17-runtime:latest 🚫

sha256:3395a6895e50c0526139b37759b6fa2c0b781f6ba4156cfe1dcdba8aea65a260

Vulnerabilities

Name Version State CVE Severity
expat 2.5.0-5.el9_6 not-fixed CVE-2025-59375 High
tar 2:1.34-7.el9 wont-fix CVE-2005-2541 Medium
python3 3.9.23-2.el9 not-fixed CVE-2025-8291 Medium
python3-libs 3.9.23-2.el9 not-fixed CVE-2025-8291 Medium
curl-minimal 7.76.1-34.el9 not-fixed CVE-2025-9086 Medium
libcurl-minimal 7.76.1-34.el9 not-fixed CVE-2025-9086 Medium
python3 3.9.23-2.el9 not-fixed CVE-2025-6069 Medium
python3-libs 3.9.23-2.el9 not-fixed CVE-2025-6069 Medium
tar 2:1.34-7.el9 not-fixed CVE-2025-45582 Medium
python3-pip-wheel 21.3.1-1.el9 not-fixed CVE-2023-45803 Medium
cups-libs 1:2.3.3op2-34.el9_7 wont-fix CVE-2023-4504 Medium
systemd-libs 252-55.el9_7.2 not-fixed CVE-2025-4598 Medium
sqlite-libs 3.34.1-9.el9_7 not-fixed CVE-2025-52099 Medium
expat 2.5.0-5.el9_6 wont-fix CVE-2013-0340 Medium
libxml2 2.9.13-12.el9_6 not-fixed CVE-2025-9714 Medium
python3 3.9.23-2.el9 not-fixed CVE-2025-4516 Medium
python3-libs 3.9.23-2.el9 not-fixed CVE-2025-4516 Medium
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-60753 Medium
curl-minimal 7.76.1-34.el9 not-fixed CVE-2025-10966 Medium
libcurl-minimal 7.76.1-34.el9 not-fixed CVE-2025-10966 Medium
coreutils-single 8.32-39.el9 not-fixed CVE-2025-5278 Medium
libarchive 3.5.3-6.el9_6 wont-fix CVE-2023-30571 Medium
python3-pip-wheel 21.3.1-1.el9 not-fixed CVE-2025-50181 Medium
python3-pip-wheel 21.3.1-1.el9 not-fixed CVE-2025-50182 Medium
lz4-libs 1.9.3-5.el9 not-fixed CVE-2025-62813 Medium
curl-minimal 7.76.1-34.el9 not-fixed CVE-2024-7264 Low
libcurl-minimal 7.76.1-34.el9 not-fixed CVE-2024-7264 Low
avahi-libs 0.8-23.el9 not-fixed CVE-2017-6519 Low
libxml2 2.9.13-12.el9_6 not-fixed CVE-2024-34459 Low
curl-minimal 7.76.1-34.el9 not-fixed CVE-2024-9681 Low
libcurl-minimal 7.76.1-34.el9 not-fixed CVE-2024-9681 Low
openssl-libs 1:3.5.1-4.el9_7 wont-fix CVE-2024-41996 Low
curl-minimal 7.76.1-34.el9 not-fixed CVE-2024-11053 Low
libcurl-minimal 7.76.1-34.el9 not-fixed CVE-2024-11053 Low
python3 3.9.23-2.el9 not-fixed CVE-2025-1795 Low
python3-libs 3.9.23-2.el9 not-fixed CVE-2025-1795 Low
python3-pip-wheel 21.3.1-1.el9 not-fixed CVE-2021-3572 Low
glib2 2.68.4-18.el9_7 not-fixed CVE-2023-32636 Low
nspr 4.36.0-4.el9_4 wont-fix CVE-2020-12413 Low
nss 3.112.0-4.el9_4 wont-fix CVE-2020-12413 Low
nss-softokn 3.112.0-4.el9_4 wont-fix CVE-2020-12413 Low
nss-softokn-freebl 3.112.0-4.el9_4 wont-fix CVE-2020-12413 Low
nss-sysinit 3.112.0-4.el9_4 wont-fix CVE-2020-12413 Low
nss-util 3.112.0-4.el9_4 wont-fix CVE-2020-12413 Low
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-1632 Low
libxml2 2.9.13-12.el9_6 not-fixed CVE-2025-27113 Low
openssl-libs 1:3.5.1-4.el9_7 not-fixed CVE-2024-13176 Low
libxml2 2.9.13-12.el9_6 not-fixed CVE-2023-45322 Low
pcre2 10.40-6.el9 not-fixed CVE-2022-41409 Low
pcre2-syntax 10.40-6.el9 not-fixed CVE-2022-41409 Low
ncurses-base 6.2-12.20210508.el9 not-fixed CVE-2023-50495 Low
ncurses-libs 6.2-12.20210508.el9 not-fixed CVE-2023-50495 Low
libgcc 11.5.0-11.el9 not-fixed CVE-2022-27943 Low
libstdc++ 11.5.0-11.el9 not-fixed CVE-2022-27943 Low
glib2 2.68.4-18.el9_7 not-fixed CVE-2025-3360 Low
cups-libs 1:2.3.3op2-34.el9_7 not-fixed CVE-2021-25317 Low
nspr 4.36.0-4.el9_4 not-fixed CVE-2024-7531 Low
nss 3.112.0-4.el9_4 not-fixed CVE-2024-7531 Low
nss-softokn 3.112.0-4.el9_4 not-fixed CVE-2024-7531 Low
nss-softokn-freebl 3.112.0-4.el9_4 not-fixed CVE-2024-7531 Low
nss-sysinit 3.112.0-4.el9_4 not-fixed CVE-2024-7531 Low
nss-util 3.112.0-4.el9_4 not-fixed CVE-2024-7531 Low
gawk 5.1.0-6.el9 not-fixed CVE-2023-4156 Low
tar 2:1.34-7.el9 not-fixed CVE-2023-39804 Low
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-5915 Low
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-5916 Low
openssl-libs 1:3.5.1-4.el9_7 not-fixed CVE-2025-9232 Low
sqlite-libs 3.34.1-9.el9_7 not-fixed CVE-2024-0232 Low
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-5918 Low
gnupg2 2.3.3-4.el9 not-fixed CVE-2025-30258 Low
python3 3.9.23-2.el9 not-fixed CVE-2025-6075 Low
python3-libs 3.9.23-2.el9 not-fixed CVE-2025-6075 Low
gnupg2 2.3.3-4.el9 not-fixed CVE-2022-3219 Low
libarchive 3.5.3-6.el9_6 not-fixed CVE-2025-5917 Low
libxml2 2.9.13-12.el9_6 not-fixed CVE-2025-6170 Low
java-17-openjdk-headless 1:17.0.17.0.10-1.el9 not-fixed CVE-2022-3857 Low
java-17-openjdk-headless 1:17.0.17.0.10-1.el9 not-fixed CVE-2023-2004 Negligible

chainguard/node:latest-dev 🚫

sha256:16a3ebe22cd42d944833cc121e321f1fc9550c4c7c73f33fea720e67acafbac5

Vulnerabilities

Name Version State CVE Severity
glob 11.0.3 fixed GHSA-5j98-mcp5-4vw2 High

@github-actions github-actions bot force-pushed the grype-scan branch 3 times, most recently from 6b5ccd4 to f3c47bb Compare April 6, 2025 00:27
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from d96064a to 25676e3 Compare April 20, 2025 00:28
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 6f98e2f to 0711c10 Compare May 11, 2025 00:28
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 35b83fe to 31ab17c Compare May 27, 2025 08:23
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 2a3c475 to c87abf0 Compare June 8, 2025 00:30
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 52b9a47 to dc68eac Compare June 22, 2025 00:30
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from a3ab41a to 7da6819 Compare July 6, 2025 00:30
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 616b9f9 to f00ca2e Compare July 13, 2025 00:31
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from a06d4c0 to ad90ae0 Compare August 10, 2025 00:32
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 69d8f12 to d73292a Compare August 24, 2025 00:29
@github-actions github-actions bot force-pushed the grype-scan branch 2 times, most recently from 9c74fe5 to f891520 Compare September 7, 2025 00:27