From b6a5fc0f54bd9bbb03595469091294a88e4f9b3d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 21:25:40 +0000 Subject: [PATCH 1/2] :dependabot: github-actions(deps): Bump aquasecurity/trivy-action Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.26.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8...a20de5420d57c4102486cdd9578b45609c99d7eb) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 0076d3a..b651c1a 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -30,7 +30,7 @@ jobs: - name: Scan id: scan - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: image-ref: ghcr.io/${{ github.repository }}:${{ github.sha }} severity: HIGH,CRITICAL From 27e4e2f0ba5ca8f4e0b6bb75089ca99c781349ba Mon Sep 17 00:00:00 2001 From: BrianEllwood Date: Thu, 10 Oct 2024 10:44:41 +0100 Subject: [PATCH 2/2] add CVE-2024-43882 to trivyignore --- .trivyignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .trivyignore diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 0000000..cc569c0 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,3 @@ +# In the Linux kernel, the following vulnerability has been resolved: +# exec: Fix ToCToU between perm check and set-uid/gid usage +CVE-2024-43882