Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: generate SARIF reports #575

Merged
merged 4 commits into from
Nov 1, 2023
Merged

ci: generate SARIF reports #575

merged 4 commits into from
Nov 1, 2023

Conversation

sjinks
Copy link
Member

@sjinks sjinks commented Oct 31, 2023
edited
Loading

Take advantage of GitHub Advanced Security and upload SARIF reports generated by Trivy.

This is what it looks like

@sjinks sjinks self-assigned this Oct 31, 2023
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/traefik_openssl:2.10.5 (alpine 3.18.4)

No vulnerabilities found.

usr/local/bin/traefik

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/docker/docker CVE-2023-28840 HIGH v20.10.21+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
github.com/docker/docker CVE-2023-28841 MEDIUM v20.10.21+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28841
github.com/docker/docker CVE-2023-28842 MEDIUM v20.10.21+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28842
github.com/docker/docker GHSA-jq35-85cj-fj4p MEDIUM v20.10.21+incompatible 24.0.7 GHSA-jq35-85cj-fj4p
github.com/hashicorp/consul CVE-2022-40716 MEDIUM v1.10.12 1.11.9, 1.12.5, 1.13.2 https://avd.aquasec.com/nvd/cve-2022-40716
github.com/hashicorp/consul CVE-2023-1297 MEDIUM v1.10.12 1.14.5, 1.15.3 https://avd.aquasec.com/nvd/cve-2023-1297

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/nginx:1.25.3 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/dev-tools:0.9 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/photon:latest (alpine 3.18.4)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2023-5363 MEDIUM 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-5363 MEDIUM 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/alpine:3.18.4 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/skeleton:latest (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:5.8 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.0 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.1 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.3 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.2 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:5.9 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023
edited
Loading

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.1 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libssl3 CVE-2023-5363 MEDIUM 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-2975 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-2975
libssl3 CVE-2023-3446 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3446
libssl3 CVE-2023-3817 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3817

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023
edited
Loading

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.0 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libssl3 CVE-2023-5363 MEDIUM 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-2975 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-2975
libssl3 CVE-2023-3446 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3446
libssl3 CVE-2023-3817 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3817

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023
edited
Loading

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:7.4 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libssl3 CVE-2023-5363 MEDIUM 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-2975 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-2975
libssl3 CVE-2023-3446 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3446
libssl3 CVE-2023-3817 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3817

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:trunk (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.4 (alpine 3.18.4)

No vulnerabilities found.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023
edited
Loading

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.2 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libssl3 CVE-2023-5363 MEDIUM 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-2975 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-2975
libssl3 CVE-2023-3446 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3446
libssl3 CVE-2023-3817 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3817

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023
edited
Loading

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.3 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libssl3 CVE-2023-5363 MEDIUM 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-5363
libssl3 CVE-2023-2975 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-2975
libssl3 CVE-2023-3446 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3446
libssl3 CVE-2023-3817 LOW 3.0.2-0ubuntu1.10 3.0.2-0ubuntu1.12 https://avd.aquasec.com/nvd/cve-2023-3817

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

Trivy Scan Report

ghcr.io/automattic/vip-container-images/mu-plugins:0.1 (alpine 3.18.4)

No vulnerabilities found.

@sjinks sjinks marked this pull request as ready for review November 1, 2023 00:57
@sjinks sjinks requested a review from a team as a code owner November 1, 2023 00:57
@sjinks sjinks mentioned this pull request Nov 1, 2023
Merged
@sjinks sjinks merged commit a325dd5 into master Nov 1, 2023
22 checks passed
@sjinks sjinks deleted the update/scan branch November 1, 2023 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rebeccahum rebeccahum rebeccahum approved these changes

Assignees

@sjinks sjinks

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sjinks @rebeccahum