Results 10 issues of Mark D. Gray

For rule core-006, the use of COPY is generally preferred; however, the current rule reflects the inverse. Additional reference: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

The webhook server does not enforce a minimum TLS version of 1.2. TLS 1.0 and 1.1 are outdated and have known vulnerabilities.

This likely belongs in the trivy repository, but I am starting the conversation here, as this is the context in which I am leveraging trivy (client/server via built-in server). Feature Request Summary: Objective: Improve...

kind/feature
priority/backlog
target/kubernetes

Today it seems there is no limit or gate on the number of retries a resource will undergo, leading to runaway retry attempts if an image is unable to be...

kind/feature

**What steps did you take and what happened:** When SBOM creation + SBOM cache is enabled, there are cases in which vulnerability reports get created without an image digest reference...

kind/bug
lifecycle/stale

## Description This PR introduces two changes: - Support for SeveritySource and DataSource as optional fields in the report data. - Updated logic for determining the "score" value. The previous...

feature

**What steps did you take and what happened:** When Kubernetes objects to be scanned have long names, scan jobs will fail when SBOM creation is enabled due to object name...

kind/bug

## Description DRAFT POC PR in progress. ## Related issues - Close #2641 Remove this section if you don't have related PRs. ## Checklist - [ ] I've read the...

feature

## Description This PR implements a predicate-based optimization for the WorkloadController that reduces unnecessary reconciliations by only triggering when the actual container specifications change, rather than on every metadata update....

feature

This feature request proposes the addition of a cluster-wide image vulnerability cache mechanism to Trivy Operator. The goal is to reduce redundant vulnerability scans of container images by storing and...

kind/feature
kind/unsupported