Trivy scan findings for really old versions

Summary

In the Eclipse hawkBit project we found some vulnerabilities reported by Trivy scans for really old versions - 0.3.0M2 (released in 2018/2019). Currently we have 0.5.0 as the latest version of hawkBit.

Steps to reproduce

https://github.com/eclipse-hawkbit/hawkbit/security/code-scanning/135

What is the current bug behavior?

The Trivy scan finds old-version vulnerabilities.

What is the expected correct behavior?

The Trivy scan should find only current-version vulnerabilities.

Relevant logs and/or screenshots

https://github.com/eclipse-hawkbit/hawkbit/security/code-scanning/135

Priority

  • Urgent
  • High
  • Medium
  • Low

Severity

  • Blocker
  • Major
  • Normal
  • Low

Impact

We want to release hawkBit these days and we need to know what the problem with these vulnerabilities is. We can waive them, of course, if they are false positives, and this does not block the release.
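One way to triage a report like this before deciding whether to waive anything is to split the Trivy findings by the version they were matched against and by the file (Trivy's `Target`) that introduced that version: findings against the release version need a real fix, findings against a stale version point at a manifest that should be fixed or excluded from the scan. The script below is an added example, not hawkBit's or Trivy's own code. It assumes the `Results` / `Vulnerabilities` / `Target` / `InstalledVersion` field names of Trivy's JSON output format; the embedded report is constructed for illustration only, with placeholder package names, placeholder IDs (`EXAMPLE-000x`, not real advisories) and a hypothetical `examples/legacy/pom.xml` path.

```python
"""Triage a Trivy JSON report: separate findings matched against the
project's current version from findings attributed to a stale version
(the 0.3.0M2-vs-0.5.0 situation described in the issue above).

Added example, not hawkBit's or Trivy's code. The report below is
CONSTRUCTED: package names, vulnerability IDs and paths are placeholders.
"""
import json
from collections import defaultdict

# Constructed Trivy-style report. Assumption: field names follow Trivy's
# JSON output (Results[].Target, Results[].Vulnerabilities[].InstalledVersion ...).
SAMPLE_REPORT = json.dumps({
    "Results": [
        {
            "Target": "pom.xml",
            "Vulnerabilities": [
                {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "org.example:lib-a",
                 "InstalledVersion": "0.5.0", "FixedVersion": "0.5.1", "Severity": "HIGH"},
            ],
        },
        {
            # Hypothetical stale manifest left in the tree (constructed path).
            "Target": "examples/legacy/pom.xml",
            "Vulnerabilities": [
                {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "org.example:lib-a",
                 "InstalledVersion": "0.3.0M2", "FixedVersion": "0.4.0", "Severity": "CRITICAL"},
                {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "org.example:lib-b",
                 "InstalledVersion": "0.3.0M2", "FixedVersion": "0.5.0", "Severity": "HIGH"},
            ],
        },
    ]
})


def load_findings(report_json):
    """Flatten the report into one dict per finding, keeping the scanned Target."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        # Trivy emits no "Vulnerabilities" key (or null) for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "target": result.get("Target", "?"),
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln["InstalledVersion"],
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln.get("Severity", "UNKNOWN"),
            })
    return findings


def triage(report_json, current_version):
    """Return (current, stale): findings against current_version vs. any other version."""
    current, stale = [], []
    for f in load_findings(report_json):
        (current if f["installed"] == current_version else stale).append(f)
    return current, stale


def stale_targets(stale):
    """Map each scanned file to the stale versions it introduced, so the
    offending manifest can be fixed or excluded instead of the IDs being
    ignored blindly."""
    by_target = defaultdict(set)
    for f in stale:
        by_target[f["target"]].add(f["installed"])
    return {t: sorted(v) for t, v in by_target.items()}


def trivyignore_lines(stale):
    """Render stale finding IDs in .trivyignore format: one ID per line,
    '#' comments. Only use this after confirming the stale manifest is not
    part of the shipped artifact."""
    lines = []
    for f in sorted(stale, key=lambda f: f["id"]):
        lines.append(f"# {f['pkg']} {f['installed']} in {f['target']} "
                     f"(fixed in {f['fixed'] or 'n/a'})")
        lines.append(f["id"])
    return lines


if __name__ == "__main__":
    current, stale = triage(SAMPLE_REPORT, "0.5.0")
    print("needs a fix in the release:")
    for f in current:
        print(f"  {f['id']} {f['pkg']} {f['installed']} [{f['severity']}] in {f['target']}")
    print("stale versions by file:", stale_targets(stale))
    print("\n".join(trivyignore_lines(stale)))
```

Run it on a real report produced with `trivy fs --format json -o report.json .` by replacing `SAMPLE_REPORT` with the file contents. If `stale_targets` points at a directory that is not part of the release, excluding it with Trivy's `--skip-dirs` (or removing the stale manifest) is a cleaner fix than a `.trivyignore` entry, because the ignore file silences the IDs for every target, including a future one that really ships the affected version.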