AndreyLevchenko
AndreyLevchenko
The [UI app](https://github.com/aquasecurity/postee/blob/main/PosteeUI.md) has REST API to load/save config: https://github.com/aquasecurity/postee/blob/main/ui/backend/uiserver/server.go#L50-L51 payload is yaml and authentication is basic
Hi @simar7 Yes I can split it to several PRs like: - API itself - DB improvements (most probably I just drop it) - Logging But I think it may...
Hi I don't think the warning related with jackson-core vulnerability detected. Can you add a bit more output for the vulnerability found? Thanks
Hi guys Yes dependencies which are included into jar are scanned. But I need to point out the difference between @sospirited and @ayush42 cases. In last case `reactor-netty-http` has no...
Hi Latest versions of Trivy return path to affected jars in json format. Here is example: ``` trivy -q rootfs -f json | jq ' .Results[].Vulnerabilities[] | {id: .VulnerabilityID, PkgName:...
> What motivates you to add this feature? Hi @knqyf263 I was going to ask you about it. I'm 100% agree it has no value for customers. But we would...
I suspect it won't work in some debug configs. It could be something other then cmd option but it would be nice to have cache bypass logic
Hi @aswath-s-tw Could you publish PR draft so we could review your code and suggest something related to tests
Hi @monwolf Thank you for your interest in Trivy. Trivy expects a lockfile. Could you generate one and re-test?
Hi @elchenberg According to our internal rules "Ubuntu CVE tracker" is used to check Ubuntu vulnerabilities https://aquasecurity.github.io/trivy/v0.36/docs/vulnerability/detection/data-source/ and this tracker count both vulnerabilities as "Medium": https://ubuntu.com/security/CVE-2022-23521 https://ubuntu.com/security/CVE-2022-41903