-
Notifications
You must be signed in to change notification settings - Fork 334
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix snapshots and alpine version (#990)
This updates busybox to 1.36.1-r27 to resolve all current vulnerabilities, and then updates the snapshots to match. This is a bit odd as 1.36.1-r27 doesn't actually exist on the distro this SBOM is created for (alpine 3.17) , where the highest version is 1.35.0-r30. However, as 3.17 is now out of support, no more fixes are being backported for 1.35.0. The *ideal(?)* behavior would not show the 3.19/3.20 vulnerabilities on 1.36.1 when scanning Alpine 3.17, but because of distro in purls still being undefined, all alpine advisories are returned. When this is eventually implemented, we should revert this PR.
- Loading branch information
1 parent
055ef05
commit 5eed7e8
Showing
3 changed files
with
62 additions
and
67 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.