Hi,
The chartMuseum binary contains the go.etcd.io/etcd-v3.3.27+incompatible library with is flagged as a security risk and need to update to the latest version 3.4.0 and above available for resolving the issue.
The mentioned library is coming as a derived dependency, as is verified by searching for it in the go.mod file. It is because of this vulnerable library that all the images having even the latest chartMuseum binary baked into them are failing the security scans.
Hi,
The chartMuseum binary contains the go.etcd.io/etcd-v3.3.27+incompatible library with is flagged as a security risk and need to update to the latest version 3.4.0 and above available for resolving the issue.
The mentioned library is coming as a derived dependency, as is verified by searching for it in the go.mod file. It is because of this vulnerable library that all the images having even the latest chartMuseum binary baked into them are failing the security scans.