How to identify security vulnerability is getting fixed without updating chart #2066

Kartikey-star · 2022-06-16T12:29:09Z

Kartikey-star
Jun 16, 2022

Hi,
I have been notified that my chart has a security vulnerability due to a go package. I have bumped the version to the prescribed version ,but how can i be sure that the cve is resolved without updating my chart in artifact hub repo.

Answered by tegioz

Jun 16, 2022

Hi @Kartikey-star 👋

Artifact Hub uses Trivy to generate the security reports. You can download it and run it locally to make sure everything is all right before updating your chart 🙂

View full answer

tegioz · 2022-06-16T13:20:56Z

tegioz
Jun 16, 2022
Maintainer

Hi @Kartikey-star 👋

Artifact Hub uses Trivy to generate the security reports. You can download it and run it locally to make sure everything is all right before updating your chart 🙂

1 reply

Kartikey-star Jun 17, 2022
Author

Thanks @tegioz. That was really helpful .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to identify security vulnerability is getting fixed without updating chart #2066

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

How to identify security vulnerability is getting fixed without updating chart #2066

Kartikey-star Jun 16, 2022

Replies: 1 comment · 1 reply

tegioz Jun 16, 2022 Maintainer

Kartikey-star Jun 17, 2022 Author

Kartikey-star
Jun 16, 2022

Replies: 1 comment 1 reply

tegioz
Jun 16, 2022
Maintainer

Kartikey-star Jun 17, 2022
Author