terrascan
terrascan copied to clipboard
Missing docker image for 1.19.1
- terrascan version:
- Operating System:
Description
The latest tag published at https://hub.docker.com/r/tenable/terrascan/tags is 1.18.11. It looks like the latest release published was 1.19.1. Can you publish this one as a Docker image as well?
Thanks
Same here, MegaLinter is using tenable:terrascan docker image, and 1.18.11 contains CVEs
┌────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/hashicorp/go-getter │ CVE-2024-3817 │ CRITICAL │ fixed │ v1.7.0 │ 1.7.4 │ HashiCorp\u2019s go-getter library is vulnerable to argument │
│ │ │ │ │ │ │ injection ... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3817 │
├────────────────────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/moby/buildkit │ CVE-2024-23652 │ │ │ v0.8.3 │ 0.12.5 │ moby/buildkit: possible host system access from mount stub │
│ │ │ │ │ │ │ cleaner │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-23652 │
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-23653 │ │ │ │ │ moby/buildkit: Buildkit's interactive containers API does │
│ │ │ │ │ │ │ not validate entitlements check │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-23653 │
│ ├────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-23651 │ HIGH │ │ │ │ moby/buildkit: possible race condition with accessing │
│ │ │ │ │ │ │ subpaths from cache mounts │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-23651 │
├────────────────────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ helm.sh/helm/v3 │ CVE-2024-26147 │ │ │ v3.6.1 │ 3.14.2 │ helm: Missing YAML Content Leads To Panic │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26147 │
└─────────────────────
@nmoretenable please could we have an ETA for the published docker image ? :)