grype | A vulnerability scanner for container images and filesystems | Continuous Deployment library
kandi X-RAY | grype Summary
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
Community Discussions
QUESTION
I'm using spring-cloud-starter-gateway and spring-boot-starter-webflux from spring-cloud-dependencies:2020.0.4, packing everything in a docker image. All my routes are written with RouteLocatorBuilder from spring cloud.

Scanning the image with Grype, I get the following vulnerabilities:

Latest reactor-netty-http:1.0.13 still doesn't have these fixed.

I'd like to resolve these issues. Any suggestions?
[UPDATE]

Wrote to Grype's Github for further investigation. It does seem these are false positives, as Andreas mentioned below. Enforcing latest netty in my BOM for now.
ANSWER
Answered 2021-Nov-11 at 10:26

I suppose these are false positives, as reactor-netty-http did not have the vulnerability; it was HttpObjectDecoder.java in Netty before 4.1.44. The regexes provided by https://nvd.nist.gov/vuln/detail/CVE-2019-20444 are sometimes too unspecific.

According to the docs you can suppress the false positives following this guide: https://github.com/anchore/grype#specifying-matches-to-ignore

If you are using maven you could just add (but you don't have to because these are false positives):
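As an added illustration (not part of the answer above or of the grype project's own docs), here is a `.grype.yaml` ignore rule scoped to the CVE and package from this thread; the field names follow grype's documented ignore schema, and the exact version string is assumed from the question.

```yaml
# Added example, not from the original answer: a .grype.yaml placed in the
# directory grype is run from, suppressing the CVE-2019-20444 match on
# reactor-netty-http discussed above. The rule is scoped to one CVE, one
# package name and one version so that a genuinely affected netty artifact
# in the same image is still reported.
ignore:
  - vulnerability: CVE-2019-20444
    package:
      name: reactor-netty-http      # the package grype matched
      version: 1.0.13               # version from the question (assumed exact form)
      type: java-archive            # Syft/grype package type for JAR artifacts
```

Suppressed matches are dropped from the normal report; running grype with `--show-suppressed` lists them again so the ignore rule stays auditable in CI.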
Community Discussions, Code Snippets contain sources that include Stack Exchange Network