Replies: 1 comment
-
Prometheus operator is not affected by those CVEs as they come from indirect dependencies. The one of Prometheus is even a false positive that you need to report to Trivy: 0.43.0 corresponds to Prometheus v2.43.0.
-
Hi! I have recently downloaded the latest release of Prometheus-Operator (0.65.1) and analysed it with Trivy (a security and vulnerability scanner). The result shows several vulnerabilities:
Do you have any information/statement about these CVEs related to your product? Is your software actually affected by them? If so, are you planning to address these vulnerabilities in an upcoming release?
Thanks in advance!