Christian Dupuis
Christian Dupuis
@DarthSim, thanks for raising this. Sorry for the inconvenience. I _think_ this is similar or related to #120. We have work in progress to address the issues around Go module...
The fix was released.
As per Debian's own security team at https://security-tracker.debian.org/tracker/CVE-2023-29383, this is not treated as a _Debian Security Advisory (DSA)_ (as indicated by `[bookworm] - shadow (Minor issue)`). That's why Scout doesn't...
[CVE-2023-3164](https://security-tracker.debian.org/tracker/CVE-2023-3164) doesn't have the same structured meta data. Therefore it is not formally marked as no-dsa.
@mcandre, this is another issue with the different interpretations of the OCI spec. While `docker build` supports creating images with names like `SecOps/hello-world-ant` other commands don't support them. Those names...
@juanluisbaptiste, for Scout to properly report CVEs, a distribution needs to provide its own CVE feed and that CVE feed needs to be processed by the Scout backend on a...
Awesome, let me take a look. Could you provide some links to Docker Hub images that I could test this with?
@mcandre, thanks for raising this. Scout has the same CVE as Snyk at https://scout.docker.com/vulnerabilities/id/CVE-2025-11579. Could you point me at an image where Scout is not reporting this CVE but Snyk...
The data in this advisory is interesting; ``` "affected": [ { "package": { "ecosystem": "npm", "name": "uptime-kuma" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "1.15.0" }, {...
Have you tried the `--locations` flag with `docker scout cves`?