For vulnerability scanning it's valuable to have a full SBOM of metal-stack images, containing all dependencies, at hand.
This could be accomplished e.g. with syft:
syft quay.io/metalstack/debian:12 -o cyclonedx-json > sbom.json
This can be published as a GitHub release artifact.
After that, a scanner may use that information to gather vulnerabilities already during build time but potentially also later.
trivy sbom sbom.json --severity <SEVERITY_FILTER>
Risk acceptance can also be documented with a .trivyignore.yaml config:
vulnerabilities:
  - id: CVE-2023-41361
    statement: Accept the risk because we have FRR version >9 installed - s. https://frrouting.org/security
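As an added example (not code from the metal-stack issue or project): the ignore entry above accepts CVE-2023-41361 on the premise that FRR > 9 is installed, and that premise can silently stop being true as images are rebuilt. The script below reads a CycloneDX JSON SBOM (a constructed sample shaped like syft output) and flags the acceptance if its premise no longer holds or its expiry date has passed; the `requires` field is a hypothetical annotation of this script, while `expired_at` is trivy's own ignore-file key.

```python
# Added example (not metal-stack code): check that the risk acceptance recorded in
# .trivyignore.yaml is still justified by what the syft SBOM actually contains.
import json
from datetime import date

# Constructed sample SBOM shaped like `syft ... -o cyclonedx-json` output.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"type": "library", "name": "frr", "version": "9.0.1"},
        {"type": "library", "name": "libc6", "version": "2.36-9+deb12u4"},
    ],
})

# Mirrors the issue's ignore entry (id / statement, plus trivy's expired_at key);
# `requires` is a hypothetical annotation that makes the stated premise checkable.
IGNORE_ENTRIES = [{
    "id": "CVE-2023-41361",
    "statement": "Accept the risk because we have FRR version >9 installed",
    "expired_at": "2025-12-31",
    "requires": {"component": "frr", "min_version": "9"},
}]

def version_tuple(v):
    """'9.0.1' -> (9, 0, 1); Debian revision (-9) and build suffix (+deb12u4) are dropped."""
    head = v.split("-")[0].split("+")[0]
    return tuple(int(p) for p in head.split(".") if p.isdigit())

def sbom_versions(sbom_json):
    """Map component name -> version for every component in a CycloneDX SBOM."""
    doc = json.loads(sbom_json)
    return {c["name"]: c.get("version", "") for c in doc.get("components", [])}

def check_acceptance(entry, versions, today):
    """Return None while the acceptance is justified, else the reason it is not."""
    if today > date.fromisoformat(entry["expired_at"]):
        return f"{entry['id']}: acceptance expired on {entry['expired_at']}"
    req = entry["requires"]
    installed = versions.get(req["component"])
    if installed is None:
        return f"{entry['id']}: {req['component']} missing from SBOM"
    if version_tuple(installed) <= version_tuple(req["min_version"]):
        return f"{entry['id']}: {req['component']} {installed} is not > {req['min_version']}"
    return None

def stale_acceptances(sbom_json, entries=IGNORE_ENTRIES, today_iso=None):
    """Reasons for every ignore entry that can no longer be justified (empty = all good)."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    versions = sbom_versions(sbom_json)
    return [r for r in (check_acceptance(e, versions, today) for e in entries) if r]
```

Running this in CI next to `trivy sbom` turns a stale acceptance into a build failure instead of a suppressed finding.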