Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Critical And High vulnerabilities that are resolved for artifact-manager #331

Closed
Michaelpalacce opened this issue Jul 15, 2024 · 0 comments · Fixed by #420
Closed

Fix Critical And High vulnerabilities that are resolved for artifact-manager #331

Michaelpalacce opened this issue Jul 15, 2024 · 0 comments · Fixed by #420
Assignees
@bcpmihail
Labels
area/dependencies Relates to updates to dependency file(s) area/maven Relates to maven changes effort/high kind/security Security changes lang/java Related to Java Code priority/critical triage/accepted The issue was accepted and will be done

Comments

@Michaelpalacce
Copy link
Collaborator

Description

As a result of this issue trivy reported vulnerabilities in common/artifact-manager that are CRITICAL and HIGH level. Take a look at what was reported and fix it. You can run trivy locally after installing it like so (in the project root):

trivy fs --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --skip-dirs "**/target/*"  common/artifact-manager
@Michaelpalacce Michaelpalacce added area/dependencies Relates to updates to dependency file(s) lang/java Related to Java Code area/maven Relates to maven changes triage/accepted The issue was accepted and will be done priority/critical kind/security Security changes labels Jul 15, 2024
@Michaelpalacce Michaelpalacce changed the title Fix Critical And High vulnerabilities that are resolved for `artifact-manager Fix Critical And High vulnerabilities that are resolved for artifact-manager Jul 15, 2024
@bcpmihail bcpmihail self-assigned this Sep 12, 2024
@bcpmihail bcpmihail mentioned this issue Sep 17, 2024
Merged
9 tasks
@bcpmihail bcpmihail linked a pull request Sep 17, 2024 that will close this issue
[artifact-manager] (#331) Fix CRITICAL and HIGH level vulnerabilities #420
Merged
9 tasks
Michaelpalacce added a commit that referenced this issue Sep 20, 2024
@Michaelpalacce
Merge pull request #420 from vmware/feature/331-fix-trivy-vulnerabili…
044b59a 
…ties

[artifact-manager] (#331) Fix CRITICAL and HIGH level vulnerabilities
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bcpmihail bcpmihail

Labels
area/dependencies Relates to updates to dependency file(s) area/maven Relates to maven changes effort/high kind/security Security changes lang/java Related to Java Code priority/critical triage/accepted The issue was accepted and will be done
Projects
None yet
Milestone
No milestone
2 participants
@Michaelpalacce @bcpmihail