namandf

Results 5 comments of namandf

Failed to get report for artifact , Unexpected EOF Trivy scan issue

Hi, Still seeing similar issues in latest version of trivy https://github.com/aquasecurity/trivy/issues/3807

Duplicate packages detected in case of Trivy image scan for the same target, class, type , filepath and layer

Thanks @knqyf263 . Would be great if someone can help with https://github.com/aquasecurity/trivy/discussions/3442 as well.

fix(sbom): fix incompliant license format for spdx

Looking forward to this change. The spdx report currently seems to be invalid according to https://tools.spdx.org/app/validate/

[GHSA-g5h3-w546-pj7f] Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

Hi @CallmeMari , The description states that all older unsupported versions could be susceptible. Maven suggests that all versions 2.0.x, 2.1.x,.2.2.x,.2.3.x,2.4.x etc are vulnerable. https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator-autoconfigure Eg. https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator-autoconfigure/2.3.12.RELEASE

[GHSA-g5h3-w546-pj7f] Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

Hi @CallmeMari , Hope you are doing great. Intended to check if there's an update.