From 0e3f27563a9208414174d212a11b57916317331e Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Mon, 29 Sep 2025 17:36:36 +0200 Subject: [PATCH 1/4] feat: add domain model for scan result --- flake.nix | 11 +- src/domain/mod.rs | 1 + src/domain/scanresult/accepted_risk.rs | 142 ++++ src/domain/scanresult/accepted_risk_reason.rs | 10 + src/domain/scanresult/architecture.rs | 6 + src/domain/scanresult/evaluation_result.rs | 15 + src/domain/scanresult/layer.rs | 85 ++ src/domain/scanresult/metadata.rs | 77 ++ src/domain/scanresult/mod.rs | 20 + src/domain/scanresult/operating_system.rs | 27 + src/domain/scanresult/package.rs | 145 ++++ src/domain/scanresult/package_type.rs | 13 + src/domain/scanresult/policy.rs | 106 +++ src/domain/scanresult/policy_bundle.rs | 109 +++ src/domain/scanresult/policy_bundle_rule.rs | 109 +++ .../scanresult/policy_bundle_rule_failure.rs | 8 + ...policy_bundle_rule_image_config_failure.rs | 29 + .../policy_bundle_rule_pkg_vuln_failure.rs | 29 + src/domain/scanresult/scan_result.rs | 762 ++++++++++++++++++ src/domain/scanresult/scan_type.rs | 4 + src/domain/scanresult/severity.rs | 9 + src/domain/scanresult/vulnerability.rs | 152 ++++ src/domain/scanresult/weak_hash.rs | 27 + src/lib.rs | 1 + 24 files changed, 1892 insertions(+), 5 deletions(-) create mode 100644 src/domain/mod.rs create mode 100644 src/domain/scanresult/accepted_risk.rs create mode 100644 src/domain/scanresult/accepted_risk_reason.rs create mode 100644 src/domain/scanresult/architecture.rs create mode 100644 src/domain/scanresult/evaluation_result.rs create mode 100644 src/domain/scanresult/layer.rs create mode 100644 src/domain/scanresult/metadata.rs create mode 100644 src/domain/scanresult/mod.rs create mode 100644 src/domain/scanresult/operating_system.rs create mode 100644 src/domain/scanresult/package.rs create mode 100644 src/domain/scanresult/package_type.rs create mode 100644 src/domain/scanresult/policy.rs create mode 100644 src/domain/scanresult/policy_bundle.rs create mode 100644 src/domain/scanresult/policy_bundle_rule.rs create mode 100644 src/domain/scanresult/policy_bundle_rule_failure.rs create mode 100644 src/domain/scanresult/policy_bundle_rule_image_config_failure.rs create mode 100644 src/domain/scanresult/policy_bundle_rule_pkg_vuln_failure.rs create mode 100644 src/domain/scanresult/scan_result.rs create mode 100644 src/domain/scanresult/scan_type.rs create mode 100644 src/domain/scanresult/severity.rs create mode 100644 src/domain/scanresult/vulnerability.rs create mode 100644 src/domain/scanresult/weak_hash.rs diff --git a/flake.nix b/flake.nix index 206e0e0..e61b155 100644 --- a/flake.nix +++ b/flake.nix @@ -40,17 +40,18 @@ mkShell { packages = [ cargo - rustc - rustfmt cargo-audit - cargo-watch - cargo-nextest cargo-expand + cargo-nextest + cargo-tarpaulin + cargo-watch clippy just - rust-analyzer lldb pre-commit + rust-analyzer + rustc + rustfmt ]; inputsFrom = [ sysdig-lsp ]; diff --git a/src/domain/mod.rs b/src/domain/mod.rs new file mode 100644 index 0000000..97f4ef3 --- /dev/null +++ b/src/domain/mod.rs @@ -0,0 +1 @@ +pub mod scanresult; diff --git a/src/domain/scanresult/accepted_risk.rs b/src/domain/scanresult/accepted_risk.rs new file mode 100644 index 0000000..dceb97a --- /dev/null +++ b/src/domain/scanresult/accepted_risk.rs @@ -0,0 +1,142 @@ +use crate::domain::scanresult::accepted_risk_reason::AcceptedRiskReason; +use crate::domain::scanresult::package::Package; +use crate::domain::scanresult::vulnerability::Vulnerability; +use crate::domain::scanresult::weak_hash::WeakHash; +use chrono::{DateTime, Utc}; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct AcceptedRisk { + id: String, + reason: AcceptedRiskReason, + description: String, + expiration_date: Option>, + is_active: bool, + created_at: DateTime, + updated_at: DateTime, + assigned_to_vulnerabilities: RwLock>>, + assigned_to_packages: RwLock>>, +} + +impl Debug for AcceptedRisk { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("AcceptedRisk") + .field("id", &self.id) + .field("reason", &self.reason) + .field("description", &self.description) + .field("expiration_date", &self.expiration_date) + .field("is_active", &self.is_active) + .field("created_at", &self.created_at) + .field("updated_at", &self.updated_at) + .finish() + } +} + +impl AcceptedRisk { + #[allow(clippy::too_many_arguments)] + pub(in crate::domain::scanresult) fn new( + id: String, + reason: AcceptedRiskReason, + description: String, + expiration_date: Option>, + is_active: bool, + created_at: DateTime, + updated_at: DateTime, + ) -> Self { + Self { + id, + reason, + description, + expiration_date, + is_active, + created_at, + updated_at, + assigned_to_vulnerabilities: RwLock::new(HashSet::new()), + assigned_to_packages: RwLock::new(HashSet::new()), + } + } + + pub fn id(&self) -> &str { + &self.id + } + + pub fn reason(&self) -> &AcceptedRiskReason { + &self.reason + } + + pub fn description(&self) -> &str { + &self.description + } + + pub fn expiration_date(&self) -> Option> { + self.expiration_date + } + + pub fn is_active(&self) -> bool { + self.is_active + } + + pub fn created_at(&self) -> DateTime { + self.created_at + } + + pub fn updated_at(&self) -> DateTime { + self.updated_at + } + + pub fn add_for_vulnerability(self: &Arc, vulnerability: Arc) { + if self + .assigned_to_vulnerabilities + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&vulnerability))) + { + vulnerability.add_accepted_risk(self.clone()); + } + } + + pub fn assigned_to_vulnerabilities(self: &Arc) -> Vec> { + self.assigned_to_vulnerabilities + .read() + .unwrap() + .iter() + .filter_map(|v| v.0.upgrade()) + .collect() + } + + pub fn add_for_package(self: &Arc, a_package: Arc) { + if self + .assigned_to_packages + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&a_package))) + { + a_package.add_accepted_risk(self.clone()); + } + } + + pub fn assigned_to_packages(self: &Arc) -> Vec> { + self.assigned_to_packages + .read() + .unwrap() + .iter() + .filter_map(|p| p.0.upgrade()) + .collect() + } +} + +impl PartialEq for AcceptedRisk { + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } +} + +impl Eq for AcceptedRisk {} + +impl Hash for AcceptedRisk { + fn hash(&self, state: &mut H) { + self.id.hash(state); + } +} diff --git a/src/domain/scanresult/accepted_risk_reason.rs b/src/domain/scanresult/accepted_risk_reason.rs new file mode 100644 index 0000000..e75d211 --- /dev/null +++ b/src/domain/scanresult/accepted_risk_reason.rs @@ -0,0 +1,10 @@ +#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] +pub enum AcceptedRiskReason { + RiskOwned, + RiskTransferred, + RiskAvoided, + RiskMitigated, + RiskNotRelevant, + Custom, + Unknown, +} diff --git a/src/domain/scanresult/architecture.rs b/src/domain/scanresult/architecture.rs new file mode 100644 index 0000000..2a08ff6 --- /dev/null +++ b/src/domain/scanresult/architecture.rs @@ -0,0 +1,6 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)] +pub enum Architecture { + Amd64, + Arm64, + Unknown, +} diff --git a/src/domain/scanresult/evaluation_result.rs b/src/domain/scanresult/evaluation_result.rs new file mode 100644 index 0000000..c1240d5 --- /dev/null +++ b/src/domain/scanresult/evaluation_result.rs @@ -0,0 +1,15 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)] +pub enum EvaluationResult { + Passed, + Failed, +} + +impl EvaluationResult { + pub fn is_failed(&self) -> bool { + matches!(self, Self::Failed) + } + + pub fn is_passed(&self) -> bool { + matches!(self, Self::Passed) + } +} diff --git a/src/domain/scanresult/layer.rs b/src/domain/scanresult/layer.rs new file mode 100644 index 0000000..cd030cf --- /dev/null +++ b/src/domain/scanresult/layer.rs @@ -0,0 +1,85 @@ +use crate::domain::scanresult::package::Package; +use crate::domain::scanresult::vulnerability::Vulnerability; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct Layer { + digest: String, + size: Option, + command: String, + packages: RwLock>>, +} + +impl Debug for Layer { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("Layer") + .field("digest", &self.digest) + .field("size", &self.size) + .field("command", &self.command) + .finish() + } +} + +impl Layer { + pub(in crate::domain::scanresult) fn new( + digest: String, + size: Option, + command: String, + ) -> Self { + Self { + digest, + size, + command, + packages: RwLock::new(HashSet::new()), + } + } + + pub fn digest(&self) -> Option<&str> { + if self.digest.is_empty() { + None + } else { + Some(&self.digest) + } + } + + pub fn size(&self) -> Option<&u64> { + self.size.as_ref() + } + + pub fn command(&self) -> &str { + &self.command + } + + pub(in crate::domain::scanresult) fn add_package(&self, a_package: Arc) { + self.packages.write().unwrap().insert(a_package); + } + + pub fn packages(&self) -> Vec> { + self.packages.read().unwrap().iter().cloned().collect() + } + + pub fn vulnerabilities(&self) -> Vec> { + self.packages + .read() + .unwrap() + .iter() + .flat_map(|p| p.vulnerabilities()) + .collect() + } +} + +impl PartialEq for Layer { + fn eq(&self, other: &Self) -> bool { + self.digest == other.digest + } +} + +impl Eq for Layer {} + +impl Hash for Layer { + fn hash(&self, state: &mut H) { + self.digest.hash(state); + } +} diff --git a/src/domain/scanresult/metadata.rs b/src/domain/scanresult/metadata.rs new file mode 100644 index 0000000..3b3a64e --- /dev/null +++ b/src/domain/scanresult/metadata.rs @@ -0,0 +1,77 @@ +use crate::domain::scanresult::architecture::Architecture; +use crate::domain::scanresult::operating_system::OperatingSystem; +use chrono::{DateTime, Utc}; +use std::collections::HashMap; + +#[derive(PartialEq, Eq)] +pub struct Metadata { + pull_string: String, + image_id: String, + digest: String, + base_os: OperatingSystem, + size_in_bytes: u64, + architecture: Architecture, + labels: HashMap, + created_at: DateTime, +} + +impl Metadata { + #[allow(clippy::too_many_arguments)] + pub(in crate::domain::scanresult) fn new( + pull_string: String, + image_id: String, + digest: String, + base_os: OperatingSystem, + size_in_bytes: u64, + architecture: Architecture, + labels: HashMap, + created_at: DateTime, + ) -> Self { + Self { + pull_string, + image_id, + digest, + base_os, + size_in_bytes, + architecture, + labels, + created_at, + } + } + + pub fn pull_string(&self) -> &str { + &self.pull_string + } + + pub fn image_id(&self) -> &str { + &self.image_id + } + + pub fn digest(&self) -> Option<&str> { + if self.digest.is_empty() { + None + } else { + Some(&self.digest) + } + } + + pub fn base_os(&self) -> &OperatingSystem { + &self.base_os + } + + pub fn size_in_bytes(&self) -> &u64 { + &self.size_in_bytes + } + + pub fn architecture(&self) -> &Architecture { + &self.architecture + } + + pub fn labels(&self) -> &HashMap { + &self.labels + } + + pub fn created_at(&self) -> DateTime { + self.created_at + } +} diff --git a/src/domain/scanresult/mod.rs b/src/domain/scanresult/mod.rs new file mode 100644 index 0000000..34905fe --- /dev/null +++ b/src/domain/scanresult/mod.rs @@ -0,0 +1,20 @@ +pub mod accepted_risk; +pub mod accepted_risk_reason; +pub mod architecture; +pub mod evaluation_result; +pub mod layer; +pub mod metadata; +pub mod operating_system; +pub mod package; +pub mod package_type; +pub mod policy; +pub mod policy_bundle; +pub mod policy_bundle_rule; +pub mod policy_bundle_rule_failure; +pub mod policy_bundle_rule_image_config_failure; +pub mod policy_bundle_rule_pkg_vuln_failure; +pub mod scan_result; +pub mod scan_type; +pub mod severity; +pub mod vulnerability; +pub mod weak_hash; diff --git a/src/domain/scanresult/operating_system.rs b/src/domain/scanresult/operating_system.rs new file mode 100644 index 0000000..e22744c --- /dev/null +++ b/src/domain/scanresult/operating_system.rs @@ -0,0 +1,27 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)] +pub enum Family { + Linux, + Darwin, + Windows, + Unknown, +} + +#[derive(PartialEq, Eq, Hash)] +pub struct OperatingSystem { + family: Family, + name: String, +} + +impl OperatingSystem { + pub fn new(family: Family, name: String) -> Self { + Self { family, name } + } + + pub fn family(&self) -> Family { + self.family + } + + pub fn name(&self) -> &str { + &self.name + } +} diff --git a/src/domain/scanresult/package.rs b/src/domain/scanresult/package.rs new file mode 100644 index 0000000..5fcba36 --- /dev/null +++ b/src/domain/scanresult/package.rs @@ -0,0 +1,145 @@ +use crate::domain::scanresult::accepted_risk::AcceptedRisk; +use crate::domain::scanresult::layer::Layer; +use crate::domain::scanresult::package_type::PackageType; +use crate::domain::scanresult::vulnerability::Vulnerability; +use crate::domain::scanresult::weak_hash::WeakHash; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct Package { + package_type: PackageType, + name: String, + version: String, + path: String, + found_in_layer: Arc, + vulnerabilities: RwLock>>, + accepted_risks: RwLock>>, +} + +impl Debug for Package { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("Package") + .field("package_type", &self.package_type) + .field("name", &self.name) + .field("version", &self.version) + .field("path", &self.path) + .field("found_in_layer", &self.found_in_layer) + .finish() + } +} + +impl Package { + pub(in crate::domain::scanresult) fn new( + package_type: PackageType, + name: String, + version: String, + path: String, + found_in_layer: Arc, + ) -> Self { + Self { + package_type, + name, + version, + path, + found_in_layer, + vulnerabilities: RwLock::new(HashSet::new()), + accepted_risks: RwLock::new(HashSet::new()), + } + } + + pub fn package_type(&self) -> &PackageType { + &self.package_type + } + + pub fn name(&self) -> &str { + &self.name + } + + pub fn version(&self) -> &str { + &self.version + } + + pub fn path(&self) -> &str { + &self.path + } + + pub fn found_in_layer(&self) -> &Arc { + &self.found_in_layer + } + + pub fn add_vulnerability_found(self: &Arc, vulnerability: Arc) { + if self + .vulnerabilities + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&vulnerability))) + { + vulnerability.add_found_in_package(self.clone()); + } + } + + pub fn vulnerabilities(&self) -> Vec> { + self.vulnerabilities + .read() + .unwrap() + .iter() + .filter_map(|v| v.0.upgrade()) + .collect() + } + + pub fn add_accepted_risk(self: &Arc, accepted_risk: Arc) { + if self + .accepted_risks + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&accepted_risk))) + { + accepted_risk.add_for_package(self.clone()); + } + } + + pub fn accepted_risks(&self) -> Vec> { + self.accepted_risks + .read() + .unwrap() + .iter() + .filter_map(|r| r.0.upgrade()) + .collect() + } +} + +impl PartialEq for Package { + fn eq(&self, other: &Self) -> bool { + self.package_type == other.package_type + && self.name == other.name + && self.version == other.version + && self.path == other.path + } +} + +impl Eq for Package {} + +impl Hash for Package { + fn hash(&self, state: &mut H) { + self.package_type.hash(state); + self.name.hash(state); + self.version.hash(state); + self.path.hash(state); + } +} + +impl Clone for Package { + fn clone(&self) -> Self { + Self { + package_type: self.package_type, + name: self.name.clone(), + version: self.version.clone(), + path: self.path.clone(), + found_in_layer: self.found_in_layer.clone(), + vulnerabilities: RwLock::new(self.vulnerabilities.read().unwrap().clone()), + accepted_risks: RwLock::new(self.accepted_risks.read().unwrap().clone()), + } + } +} diff --git a/src/domain/scanresult/package_type.rs b/src/domain/scanresult/package_type.rs new file mode 100644 index 0000000..dcb2fe2 --- /dev/null +++ b/src/domain/scanresult/package_type.rs @@ -0,0 +1,13 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)] +pub enum PackageType { + Unknown, + Os, + Python, + Java, + Javascript, + Golang, + Rust, + Ruby, + Php, + CSharp, +} diff --git a/src/domain/scanresult/policy.rs b/src/domain/scanresult/policy.rs new file mode 100644 index 0000000..1bd6605 --- /dev/null +++ b/src/domain/scanresult/policy.rs @@ -0,0 +1,106 @@ +use crate::domain::scanresult::evaluation_result::EvaluationResult; +use crate::domain::scanresult::policy_bundle::PolicyBundle; +use crate::domain::scanresult::weak_hash::WeakHash; +use chrono::{DateTime, Utc}; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct Policy { + id: String, + name: String, + created_at: DateTime, + updated_at: DateTime, + bundles: RwLock>>, +} + +impl Debug for Policy { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("Policy") + .field("id", &self.id) + .field("name", &self.name) + .field("created_at", &self.created_at) + .field("updated_at", &self.updated_at) + .finish() + } +} + +impl Policy { + pub(in crate::domain::scanresult) fn new( + id: String, + name: String, + created_at: DateTime, + updated_at: DateTime, + ) -> Self { + Self { + id, + name, + created_at, + updated_at, + bundles: RwLock::new(HashSet::new()), + } + } + + pub fn id(&self) -> &str { + &self.id + } + + pub fn name(&self) -> &str { + &self.name + } + + pub fn created_at(&self) -> DateTime { + self.created_at + } + + pub fn updated_at(&self) -> DateTime { + self.updated_at + } + + pub fn add_bundle(self: &Arc, policy_bundle: &Arc) { + if self + .bundles + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(policy_bundle))) + { + policy_bundle.add_policy(self.clone()); + } + } + + pub fn bundles(&self) -> Vec> { + self.bundles + .read() + .unwrap() + .iter() + .filter_map(|b| b.0.upgrade()) + .collect() + } + + pub fn evaluation_result(&self) -> EvaluationResult { + if self + .bundles() + .iter() + .all(|b| b.evaluation_result().is_passed()) + { + EvaluationResult::Passed + } else { + EvaluationResult::Failed + } + } +} + +impl PartialEq for Policy { + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } +} + +impl Eq for Policy {} + +impl Hash for Policy { + fn hash(&self, state: &mut H) { + self.id.hash(state); + } +} diff --git a/src/domain/scanresult/policy_bundle.rs b/src/domain/scanresult/policy_bundle.rs new file mode 100644 index 0000000..d6c4cf0 --- /dev/null +++ b/src/domain/scanresult/policy_bundle.rs @@ -0,0 +1,109 @@ +use crate::domain::scanresult::evaluation_result::EvaluationResult; +use crate::domain::scanresult::policy::Policy; +use crate::domain::scanresult::policy_bundle_rule::PolicyBundleRule; +use crate::domain::scanresult::weak_hash::WeakHash; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct PolicyBundle { + id: String, + name: String, + rules: RwLock>>, + found_in_policies: RwLock>>, +} + +impl Debug for PolicyBundle { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("PolicyBundle") + .field("id", &self.id) + .field("name", &self.name) + .finish() + } +} + +impl PolicyBundle { + pub(in crate::domain::scanresult) fn new(id: String, name: String) -> Self { + Self { + id, + name, + rules: RwLock::new(HashSet::new()), + found_in_policies: RwLock::new(HashSet::new()), + } + } + + pub fn add_policy(self: &Arc, policy: Arc) { + if self + .found_in_policies + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&policy))) + { + policy.add_bundle(self); + } + } + + pub fn add_rule( + self: &Arc, + id: String, + description: String, + evaluation_result: EvaluationResult, + ) -> Arc { + let rule = Arc::new(PolicyBundleRule::new( + id, + description, + evaluation_result, + Arc::downgrade(self), + )); + self.rules.write().unwrap().insert(rule.clone()); + rule + } + + pub fn found_in_policies(&self) -> Vec> { + self.found_in_policies + .read() + .unwrap() + .iter() + .filter_map(|p| p.0.upgrade()) + .collect() + } + + pub fn id(&self) -> &str { + &self.id + } + + pub fn name(&self) -> &str { + &self.name + } + + pub fn rules(&self) -> Vec> { + self.rules.read().unwrap().iter().cloned().collect() + } + + pub fn evaluation_result(&self) -> EvaluationResult { + if self + .rules() + .iter() + .all(|r| r.evaluation_result().is_passed()) + { + EvaluationResult::Passed + } else { + EvaluationResult::Failed + } + } +} + +impl PartialEq for PolicyBundle { + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } +} + +impl Eq for PolicyBundle {} + +impl Hash for PolicyBundle { + fn hash(&self, state: &mut H) { + self.id.hash(state); + } +} diff --git a/src/domain/scanresult/policy_bundle_rule.rs b/src/domain/scanresult/policy_bundle_rule.rs new file mode 100644 index 0000000..5a1d216 --- /dev/null +++ b/src/domain/scanresult/policy_bundle_rule.rs @@ -0,0 +1,109 @@ +use crate::domain::scanresult::evaluation_result::EvaluationResult; +use crate::domain::scanresult::policy_bundle::PolicyBundle; +use crate::domain::scanresult::policy_bundle_rule_failure::PolicyBundleRuleFailure; +use crate::domain::scanresult::policy_bundle_rule_image_config_failure::PolicyBundleRuleImageConfigFailure; +use crate::domain::scanresult::policy_bundle_rule_pkg_vuln_failure::PolicyBundleRulePkgVulnFailure; +use crate::domain::scanresult::weak_hash::WeakHash; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock, Weak}; + +pub struct PolicyBundleRule { + id: String, + description: String, + evaluation_result: EvaluationResult, + parent: WeakHash, + failures: RwLock>, +} + +impl PartialEq for PolicyBundleRule { + fn eq(&self, other: &Self) -> bool { + self.id == other.id + && self.description == other.description + && self.evaluation_result == other.evaluation_result + && self.parent == other.parent + } +} + +impl Eq for PolicyBundleRule {} + +impl Hash for PolicyBundleRule { + fn hash(&self, state: &mut H) { + self.id.hash(state); + self.description.hash(state); + self.evaluation_result.hash(state); + self.parent.hash(state); + } +} + +impl Clone for PolicyBundleRule { + fn clone(&self) -> Self { + Self { + id: self.id.clone(), + description: self.description.clone(), + evaluation_result: self.evaluation_result, + parent: self.parent.clone(), + failures: RwLock::new(self.failures.read().unwrap().clone()), + } + } +} + +impl PolicyBundleRule { + pub(in crate::domain::scanresult) fn new( + id: String, + description: String, + evaluation_result: EvaluationResult, + parent: Weak, + ) -> Self { + Self { + id, + description, + evaluation_result, + parent: WeakHash(parent), + failures: RwLock::new(Vec::new()), + } + } + + pub fn id(&self) -> &str { + &self.id + } + + pub fn description(&self) -> &str { + &self.description + } + + pub fn evaluation_result(&self) -> &EvaluationResult { + &self.evaluation_result + } + + pub fn parent(&self) -> &Weak { + &self.parent.0 + } + + pub fn add_image_config_failure( + self: &Arc, + remediation: String, + ) -> PolicyBundleRuleImageConfigFailure { + let failure = PolicyBundleRuleImageConfigFailure::new(remediation, Arc::downgrade(self)); + self.failures + .write() + .unwrap() + .push(PolicyBundleRuleFailure::ImageConfig(failure.clone())); + failure + } + + pub fn add_pkg_vuln_failure( + self: &Arc, + description: String, + ) -> PolicyBundleRulePkgVulnFailure { + let failure = PolicyBundleRulePkgVulnFailure::new(description, Arc::downgrade(self)); + self.failures + .write() + .unwrap() + .push(PolicyBundleRuleFailure::PkgVuln(failure.clone())); + failure + } + + pub fn failures(&self) -> Vec { + self.failures.read().unwrap().clone() + } +} diff --git a/src/domain/scanresult/policy_bundle_rule_failure.rs b/src/domain/scanresult/policy_bundle_rule_failure.rs new file mode 100644 index 0000000..c8e1111 --- /dev/null +++ b/src/domain/scanresult/policy_bundle_rule_failure.rs @@ -0,0 +1,8 @@ +use crate::domain::scanresult::policy_bundle_rule_image_config_failure::PolicyBundleRuleImageConfigFailure; +use crate::domain::scanresult::policy_bundle_rule_pkg_vuln_failure::PolicyBundleRulePkgVulnFailure; + +#[derive(PartialEq, Eq, Hash, Clone)] +pub enum PolicyBundleRuleFailure { + ImageConfig(PolicyBundleRuleImageConfigFailure), + PkgVuln(PolicyBundleRulePkgVulnFailure), +} diff --git a/src/domain/scanresult/policy_bundle_rule_image_config_failure.rs b/src/domain/scanresult/policy_bundle_rule_image_config_failure.rs new file mode 100644 index 0000000..3f30ee0 --- /dev/null +++ b/src/domain/scanresult/policy_bundle_rule_image_config_failure.rs @@ -0,0 +1,29 @@ +use crate::domain::scanresult::policy_bundle_rule::PolicyBundleRule; +use crate::domain::scanresult::weak_hash::WeakHash; +use std::sync::Weak; + +#[derive(PartialEq, Eq, Hash, Clone)] +pub struct PolicyBundleRuleImageConfigFailure { + description: String, + parent: WeakHash, +} + +impl PolicyBundleRuleImageConfigFailure { + pub(in crate::domain::scanresult) fn new( + description: String, + parent: Weak, + ) -> Self { + Self { + description, + parent: WeakHash(parent), + } + } + + pub fn description(&self) -> &str { + &self.description + } + + pub fn parent(&self) -> &Weak { + &self.parent.0 + } +} diff --git a/src/domain/scanresult/policy_bundle_rule_pkg_vuln_failure.rs b/src/domain/scanresult/policy_bundle_rule_pkg_vuln_failure.rs new file mode 100644 index 0000000..4cf6b75 --- /dev/null +++ b/src/domain/scanresult/policy_bundle_rule_pkg_vuln_failure.rs @@ -0,0 +1,29 @@ +use crate::domain::scanresult::policy_bundle_rule::PolicyBundleRule; +use crate::domain::scanresult::weak_hash::WeakHash; +use std::sync::Weak; + +#[derive(PartialEq, Eq, Hash, Clone)] +pub struct PolicyBundleRulePkgVulnFailure { + remediation: String, + parent: WeakHash, +} + +impl PolicyBundleRulePkgVulnFailure { + pub(in crate::domain::scanresult) fn new( + remediation: String, + parent: Weak, + ) -> Self { + Self { + remediation, + parent: WeakHash(parent), + } + } + + pub fn remediation(&self) -> &str { + &self.remediation + } + + pub fn parent(&self) -> &Weak { + &self.parent.0 + } +} diff --git a/src/domain/scanresult/scan_result.rs b/src/domain/scanresult/scan_result.rs new file mode 100644 index 0000000..b65a3cc --- /dev/null +++ b/src/domain/scanresult/scan_result.rs @@ -0,0 +1,762 @@ +use crate::domain::scanresult::accepted_risk::AcceptedRisk; +use crate::domain::scanresult::accepted_risk_reason::AcceptedRiskReason; +use crate::domain::scanresult::architecture::Architecture; +use crate::domain::scanresult::evaluation_result::EvaluationResult; +use crate::domain::scanresult::layer::Layer; +use crate::domain::scanresult::metadata::Metadata; +use crate::domain::scanresult::operating_system::OperatingSystem; +use crate::domain::scanresult::package::Package; +use crate::domain::scanresult::package_type::PackageType; +use crate::domain::scanresult::policy::Policy; +use crate::domain::scanresult::policy_bundle::PolicyBundle; +use crate::domain::scanresult::scan_type::ScanType; +use crate::domain::scanresult::severity::Severity; +use crate::domain::scanresult::vulnerability::Vulnerability; +use chrono::{DateTime, Utc}; +use std::collections::HashMap; +use std::sync::Arc; + +#[derive(PartialEq, Eq)] +pub struct ScanResult { + scan_type: ScanType, + metadata: Metadata, + layers: HashMap>, + packages: HashMap, ()>, + vulnerabilities: HashMap>, + policies: HashMap>, + policy_bundles: HashMap>, + accepted_risks: HashMap>, +} + +impl ScanResult { + #[allow(clippy::too_many_arguments)] + pub fn new( + scan_type: ScanType, + pull_string: String, + image_id: String, + digest: String, + base_os: OperatingSystem, + size_in_bytes: u64, + architecture: Architecture, + labels: HashMap, + created_at: DateTime, + ) -> Self { + Self { + scan_type, + metadata: Metadata::new( + pull_string, + image_id, + digest, + base_os, + size_in_bytes, + architecture, + labels, + created_at, + ), + layers: HashMap::new(), + packages: HashMap::new(), + vulnerabilities: HashMap::new(), + policies: HashMap::new(), + policy_bundles: HashMap::new(), + accepted_risks: HashMap::new(), + } + } + + pub fn scan_type(&self) -> &ScanType { + &self.scan_type + } + + pub fn metadata(&self) -> &Metadata { + &self.metadata + } + + pub fn add_layer(&mut self, digest: String, size: Option, command: String) -> Arc { + let layer = Arc::new(Layer::new(digest.clone(), size, command)); + self.layers.insert(digest, layer.clone()); + layer + } + + pub fn find_layer_by_digest(&self, digest: &str) -> Option> { + self.layers.get(digest).cloned() + } + + pub fn layers(&self) -> Vec> { + self.layers.values().cloned().collect() + } + + pub fn add_package( + &mut self, + package_type: PackageType, + name: String, + version: String, + path: String, + found_in_layer: Arc, + ) -> Arc { + let a_package = Arc::new(Package::new( + package_type, + name.clone(), + version.clone(), + path.clone(), + found_in_layer.clone(), + )); + found_in_layer.add_package(a_package.clone()); + + self.packages + .entry(a_package) + .insert_entry(()) + .key() + .clone() + } + + pub fn packages(&self) -> Vec> { + self.packages.keys().cloned().collect() + } + + pub fn add_vulnerability( + &mut self, + cve: String, + severity: Severity, + disclosure_date: DateTime, + solution_date: Option>, + exploitable: bool, + fix_version: Option, + ) -> Arc { + self.vulnerabilities + .entry(cve.clone()) + .or_insert_with(|| { + Arc::new(Vulnerability::new( + cve, + severity, + disclosure_date, + solution_date, + exploitable, + fix_version, + )) + }) + .clone() + } + + pub fn find_vulnerability_by_cve(&self, cve: &str) -> Option> { + self.vulnerabilities.get(cve).cloned() + } + + pub fn vulnerabilities(&self) -> Vec> { + self.vulnerabilities.values().cloned().collect() + } + + pub fn add_policy( + &mut self, + id: String, + name: String, + created_at: DateTime, + updated_at: DateTime, + ) -> Arc { + self.policies + .entry(id.clone()) + .or_insert_with(|| Arc::new(Policy::new(id, name, created_at, updated_at))) + .clone() + } + + pub fn find_policy_by_id(&self, id: &str) -> Option> { + self.policies.get(id).cloned() + } + + pub fn policies(&self) -> Vec> { + self.policies.values().cloned().collect() + } + + pub fn add_policy_bundle( + &mut self, + id: String, + name: String, + policy: Arc, + ) -> Arc { + let policy_bundle = self + .policy_bundles + .entry(id.clone()) + .or_insert_with(|| Arc::new(PolicyBundle::new(id, name))) + .clone(); + policy_bundle.add_policy(policy); + policy_bundle + } + + pub fn find_policy_bundle_by_id(&self, id: &str) -> Option> { + self.policy_bundles.get(id).cloned() + } + + pub fn policy_bundles(&self) -> Vec> { + self.policy_bundles.values().cloned().collect() + } + + #[allow(clippy::too_many_arguments)] + pub fn add_accepted_risk( + &mut self, + id: String, + reason: AcceptedRiskReason, + description: String, + expiration_date: Option>, + is_active: bool, + created_at: DateTime, + updated_at: DateTime, + ) -> Arc { + self.accepted_risks + .entry(id.clone()) + .or_insert_with(|| { + Arc::new(AcceptedRisk::new( + id, + reason, + description, + expiration_date, + is_active, + created_at, + updated_at, + )) + }) + .clone() + } + + pub fn find_accepted_risk_by_id(&self, id: &str) -> Option> { + self.accepted_risks.get(id).cloned() + } + + pub fn accepted_risks(&self) -> Vec> { + self.accepted_risks.values().cloned().collect() + } + + pub fn evaluation_result(&self) -> EvaluationResult { + if self + .policies() + .iter() + .all(|p| p.evaluation_result().is_passed()) + { + EvaluationResult::Passed + } else { + EvaluationResult::Failed + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::domain::scanresult::architecture::Architecture; + use crate::domain::scanresult::operating_system::{Family, OperatingSystem}; + use crate::domain::scanresult::package_type::PackageType; + use crate::domain::scanresult::scan_type::ScanType; + use crate::domain::scanresult::severity::Severity; + use chrono::Utc; + use std::collections::HashMap; + use std::sync::Arc; + + fn create_scan_result() -> ScanResult { + ScanResult::new( + ScanType::Docker, + "alpine:latest".to_string(), + "sha256:12345".to_string(), + "sha256:67890".to_string(), + OperatingSystem::new(Family::Linux, "alpine:3.18".to_string()), + 123456, + Architecture::Amd64, + HashMap::new(), + Utc::now(), + ) + } + + #[test] + fn new_creates_scan_result() { + let scan_result = create_scan_result(); + assert_eq!(scan_result.scan_type(), &ScanType::Docker); + assert_eq!(scan_result.metadata().pull_string(), "alpine:latest"); + assert!(scan_result.layers().is_empty()); + assert!(scan_result.packages().is_empty()); + assert!(scan_result.vulnerabilities().is_empty()); + assert!(scan_result.policies().is_empty()); + assert!(scan_result.policy_bundles().is_empty()); + assert!(scan_result.accepted_risks().is_empty()); + } + + #[test] + fn add_and_find_layer() { + let mut scan_result = create_scan_result(); + let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + + assert_eq!(scan_result.layers().len(), 1); + assert_eq!(scan_result.layers()[0], layer); + + let found_layer = scan_result.find_layer_by_digest("sha256:abc"); + assert_eq!(found_layer, Some(layer)); + + let not_found_layer = scan_result.find_layer_by_digest("sha256:def"); + assert!(not_found_layer.is_none()); + } + + #[test] + fn add_package_test() { + let mut scan_result = create_scan_result(); + let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let package = scan_result.add_package( + PackageType::Os, + "musl".to_string(), + "1.2.3".to_string(), + "/lib/ld-musl-x86_64.so.1".to_string(), + layer.clone(), + ); + + assert_eq!(scan_result.packages().len(), 1); + assert_eq!(scan_result.packages()[0], package); + assert_eq!(layer.packages().len(), 1); + assert_eq!(layer.packages()[0], package); + assert_eq!(package.found_in_layer(), &layer); + assert_eq!(package.vulnerabilities().len(), 0); + assert_eq!(package.accepted_risks().len(), 0); + } + + #[test] + fn add_and_find_vulnerability() { + let mut scan_result = create_scan_result(); + let vuln = scan_result.add_vulnerability( + "CVE-2023-1234".to_string(), + Severity::High, + Utc::now(), + None, + false, + Some("1.2.4".to_string()), + ); + + assert_eq!(scan_result.vulnerabilities().len(), 1); + assert_eq!(scan_result.vulnerabilities()[0], vuln); + + let found_vuln = scan_result.find_vulnerability_by_cve("CVE-2023-1234"); + assert_eq!(found_vuln, Some(vuln)); + + let not_found_vuln = scan_result.find_vulnerability_by_cve("CVE-2023-5678"); + assert!(not_found_vuln.is_none()); + } + + #[test] + fn mix_vulns_and_packages() { + let mut scan_result = create_scan_result(); + let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let package = scan_result.add_package( + PackageType::Os, + "musl".to_string(), + "1.2.3".to_string(), + "/lib/ld-musl-x86_64.so.1".to_string(), + layer.clone(), + ); + let vuln = scan_result.add_vulnerability( + "CVE-2023-1234".to_string(), + Severity::High, + Utc::now(), + None, + false, + Some("1.2.4".to_string()), + ); + + package.add_vulnerability_found(vuln.clone()); + + assert!(vuln.found_in_packages().contains(&package)); + assert!(vuln.found_in_layers().contains(&layer)); + assert!(package.vulnerabilities().contains(&vuln)); + assert!(layer.vulnerabilities().contains(&vuln)); + } + + #[test] + fn add_and_find_policy() { + let mut scan_result = create_scan_result(); + let now = Utc::now(); + let policy = + scan_result.add_policy("policy-1".to_string(), "My Policy".to_string(), now, now); + + assert_eq!(scan_result.policies().len(), 1); + assert_eq!(scan_result.policies()[0], policy); + + let found_policy = scan_result.find_policy_by_id("policy-1"); + assert_eq!(found_policy, Some(policy)); + + let not_found_policy = scan_result.find_policy_by_id("policy-2"); + assert!(not_found_policy.is_none()); + } + + #[test] + fn add_and_find_policy_bundle() { + let mut scan_result = create_scan_result(); + let policy = scan_result.add_policy( + "policy-1".to_string(), + "My Policy".to_string(), + Utc::now(), + Utc::now(), + ); + let bundle = scan_result.add_policy_bundle( + "bundle-1".to_string(), + "My Bundle".to_string(), + policy.clone(), + ); + + assert_eq!(scan_result.policy_bundles().len(), 1); + assert_eq!(scan_result.policy_bundles()[0], bundle); + assert!(bundle.found_in_policies().contains(&policy)); + + let found_bundle = scan_result.find_policy_bundle_by_id("bundle-1"); + assert_eq!(found_bundle, Some(bundle)); + + let not_found_bundle = scan_result.find_policy_bundle_by_id("bundle-2"); + assert!(not_found_bundle.is_none()); + } + + #[test] + fn add_and_find_accepted_risk() { + let mut scan_result = create_scan_result(); + let risk = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::RiskMitigated, + "description".to_string(), + None, + true, + Utc::now(), + Utc::now(), + ); + + assert_eq!(scan_result.accepted_risks().len(), 1); + assert_eq!(scan_result.accepted_risks()[0], risk); + + let found_risk = scan_result.find_accepted_risk_by_id("risk-1"); + assert_eq!(found_risk, Some(risk)); + + let not_found_risk = scan_result.find_accepted_risk_by_id("risk-2"); + assert!(not_found_risk.is_none()); + } + + #[test] + fn mix_accepted_risks_and_vulns() { + let mut scan_result = create_scan_result(); + let risk = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::RiskMitigated, + "description".to_string(), + None, + true, + Utc::now(), + Utc::now(), + ); + let vuln = scan_result.add_vulnerability( + "CVE-2023-1234".to_string(), + Severity::High, + Utc::now(), + None, + false, + Some("1.2.4".to_string()), + ); + + vuln.add_accepted_risk(risk.clone()); + + assert!(vuln.accepted_risks().contains(&risk)); + assert!(risk.assigned_to_vulnerabilities().contains(&vuln)); + } + + #[test] + fn mix_accepted_risks_and_packages() { + let mut scan_result = create_scan_result(); + let risk = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::RiskMitigated, + "description".to_string(), + None, + true, + Utc::now(), + Utc::now(), + ); + let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let package = scan_result.add_package( + PackageType::Os, + "musl".to_string(), + "1.2.3".to_string(), + "/lib/ld-musl-x86_64.so.1".to_string(), + layer.clone(), + ); + + package.add_accepted_risk(risk.clone()); + + assert!(package.accepted_risks().contains(&risk)); + assert!(risk.assigned_to_packages().contains(&package)); + } + + #[test] + fn evaluation_result_passed() { + let mut scan_result = create_scan_result(); + let now = Utc::now(); + let policy = + scan_result.add_policy("policy-1".to_string(), "My Policy".to_string(), now, now); + // No failures added, so it should pass + assert_eq!(policy.evaluation_result(), EvaluationResult::Passed); + assert_eq!(scan_result.evaluation_result(), EvaluationResult::Passed); + } + + #[test] + fn evaluation_result_failed() { + let mut scan_result = create_scan_result(); + let now = Utc::now(); + let policy = + scan_result.add_policy("policy-1".to_string(), "My Policy".to_string(), now, now); + let bundle = scan_result.add_policy_bundle( + "bundle-1".to_string(), + "My Bundle".to_string(), + policy.clone(), + ); + bundle.add_rule( + "rule-1".to_string(), + "rule name".to_string(), + EvaluationResult::Failed, + ); + + assert_eq!(policy.evaluation_result(), EvaluationResult::Failed); + assert_eq!(scan_result.evaluation_result(), EvaluationResult::Failed); + } + + #[test] + fn test_entity_getters_and_debug() { + let mut scan_result = create_scan_result(); + let now = Utc::now(); + + // Metadata + let metadata = scan_result.metadata(); + assert_eq!(metadata.image_id(), "sha256:12345"); + assert_eq!(metadata.digest(), Some("sha256:67890")); + assert_eq!(metadata.base_os().family(), Family::Linux); + assert_eq!(metadata.base_os().name(), "alpine:3.18"); + assert_eq!(*metadata.size_in_bytes(), 123456); + assert_eq!(*metadata.architecture(), Architecture::Amd64); + assert!(metadata.labels().is_empty()); + + // Layer + let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + assert_eq!(layer.digest(), Some("sha256:abc")); + assert_eq!(layer.size(), Some(&100)); + assert_eq!(layer.command(), "CMD"); + assert!(format!("{:?}", layer).contains("sha256:abc")); + let empty_digest_layer = scan_result.add_layer("".to_string(), None, "ADD".to_string()); + assert!(empty_digest_layer.digest().is_none()); + + // Package + let package = scan_result.add_package( + PackageType::Os, + "musl".to_string(), + "1.2.3".to_string(), + "/path".to_string(), + layer.clone(), + ); + assert_eq!(package.package_type(), &PackageType::Os); + assert_eq!(package.name(), "musl"); + assert_eq!(package.version(), "1.2.3"); + assert_eq!(package.path(), "/path"); + assert!(format!("{:?}", package).contains("musl")); + assert_eq!(package.clone(), package); + + // Vulnerability + let vuln = scan_result.add_vulnerability( + "CVE-1".to_string(), + Severity::High, + now, + Some(now), + true, + Some("1.2.4".to_string()), + ); + assert_eq!(vuln.cve(), "CVE-1"); + assert_eq!(vuln.severity(), Severity::High); + assert_eq!(vuln.disclosure_date(), now); + assert_eq!(vuln.solution_date(), Some(now)); + assert!(vuln.exploitable()); + assert!(vuln.fixable()); + assert_eq!(vuln.fix_version(), Some("1.2.4")); + assert!(format!("{:?}", vuln).contains("CVE-1")); + + // AcceptedRisk + let risk = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::Custom, + "desc".to_string(), + Some(now), + true, + now, + now, + ); + assert_eq!(risk.reason(), &AcceptedRiskReason::Custom); + assert_eq!(risk.description(), "desc"); + assert_eq!(risk.expiration_date(), Some(now)); + assert!(risk.is_active()); + assert_eq!(risk.created_at(), now); + assert_eq!(risk.updated_at(), now); + assert!(format!("{:?}", risk).contains("risk-1")); + + // Policy + let policy = + scan_result.add_policy("policy-1".to_string(), "My Policy".to_string(), now, now); + assert_eq!(policy.name(), "My Policy"); + assert_eq!(policy.created_at(), now); + assert_eq!(policy.updated_at(), now); + assert!(format!("{:?}", policy).contains("policy-1")); + + // PolicyBundle + let bundle = scan_result.add_policy_bundle( + "bundle-1".to_string(), + "My Bundle".to_string(), + policy.clone(), + ); + assert_eq!(bundle.id(), "bundle-1"); + assert_eq!(bundle.name(), "My Bundle"); + assert!(format!("{:?}", bundle).contains("bundle-1")); + } + + #[test] + fn test_idempotent_adds() { + let mut scan_result = create_scan_result(); + let now = Utc::now(); + + // Add vulnerability twice + let vuln = scan_result.add_vulnerability( + "CVE-1".to_string(), + Severity::High, + now, + None, + false, + None, + ); + let vuln2 = scan_result.add_vulnerability( + "CVE-1".to_string(), + Severity::High, + now, + None, + false, + None, + ); + assert_eq!(Arc::as_ptr(&vuln), Arc::as_ptr(&vuln2)); + assert_eq!(scan_result.vulnerabilities().len(), 1); + + // Add layer twice + let layer = scan_result.add_layer("layer-1".to_string(), None, "CMD".to_string()); + let layer2 = scan_result.add_layer("layer-1".to_string(), None, "CMD".to_string()); + assert_ne!(Arc::as_ptr(&layer), Arc::as_ptr(&layer2)); // It creates a new Arc and replaces. + assert_eq!(scan_result.layers().len(), 1); + + // Add package twice + let pkg = scan_result.add_package( + PackageType::Os, + "pkg".to_string(), + "1.0".to_string(), + "/path".to_string(), + layer.clone(), + ); + let pkg2 = scan_result.add_package( + PackageType::Os, + "pkg".to_string(), + "1.0".to_string(), + "/path".to_string(), + layer.clone(), + ); + assert_eq!(Arc::as_ptr(&pkg), Arc::as_ptr(&pkg2)); + assert_eq!(scan_result.packages().len(), 1); + + // Add policy twice + let policy = scan_result.add_policy("policy-1".to_string(), "p1".to_string(), now, now); + let policy2 = scan_result.add_policy("policy-1".to_string(), "p1".to_string(), now, now); + assert_eq!(Arc::as_ptr(&policy), Arc::as_ptr(&policy2)); + assert_eq!(scan_result.policies().len(), 1); + + // Add policy bundle twice + let bundle = + scan_result.add_policy_bundle("bundle-1".to_string(), "b1".to_string(), policy.clone()); + let bundle2 = + scan_result.add_policy_bundle("bundle-1".to_string(), "b1".to_string(), policy.clone()); + assert_eq!(Arc::as_ptr(&bundle), Arc::as_ptr(&bundle2)); + assert_eq!(scan_result.policy_bundles().len(), 1); + + // Add accepted risk twice + let risk = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::Custom, + "".to_string(), + None, + true, + now, + now, + ); + let risk2 = scan_result.add_accepted_risk( + "risk-1".to_string(), + AcceptedRiskReason::Custom, + "".to_string(), + None, + true, + now, + now, + ); + assert_eq!(Arc::as_ptr(&risk), Arc::as_ptr(&risk2)); + assert_eq!(scan_result.accepted_risks().len(), 1); + + // Test linking existing items + pkg.add_vulnerability_found(vuln.clone()); + pkg.add_vulnerability_found(vuln.clone()); // second time + assert_eq!(pkg.vulnerabilities().len(), 1); + assert_eq!(vuln.found_in_packages().len(), 1); + + pkg.add_accepted_risk(risk.clone()); + pkg.add_accepted_risk(risk.clone()); + assert_eq!(pkg.accepted_risks().len(), 1); + assert_eq!(risk.assigned_to_packages().len(), 1); + + vuln.add_accepted_risk(risk.clone()); + vuln.add_accepted_risk(risk.clone()); + assert_eq!(vuln.accepted_risks().len(), 1); + assert_eq!(risk.assigned_to_vulnerabilities().len(), 1); + + bundle.add_policy(policy.clone()); + bundle.add_policy(policy.clone()); + assert_eq!(bundle.found_in_policies().len(), 1); + assert_eq!(policy.bundles().len(), 1); + } + + #[test] + fn test_policy_evaluation_and_failures() { + let mut scan_result = create_scan_result(); + let policy = + scan_result.add_policy("p1".to_string(), "p1".to_string(), Utc::now(), Utc::now()); + let bundle = + scan_result.add_policy_bundle("b1".to_string(), "b1".to_string(), policy.clone()); + + let passed_rule = bundle.add_rule( + "rule-passed".to_string(), + "desc".to_string(), + EvaluationResult::Passed, + ); + assert_eq!(passed_rule.id(), "rule-passed"); + assert_eq!(passed_rule.description(), "desc"); + assert!(passed_rule.evaluation_result().is_passed()); + assert!(!passed_rule.evaluation_result().is_failed()); + assert!(passed_rule.parent().upgrade().is_some()); + + assert_eq!(bundle.evaluation_result(), EvaluationResult::Passed); + assert_eq!(policy.evaluation_result(), EvaluationResult::Passed); + assert_eq!(scan_result.evaluation_result(), EvaluationResult::Passed); + + let failed_rule = bundle.add_rule( + "rule-failed".to_string(), + "desc".to_string(), + EvaluationResult::Failed, + ); + assert!(failed_rule.evaluation_result().is_failed()); + assert!(!failed_rule.evaluation_result().is_passed()); + + let img_fail = failed_rule.add_image_config_failure("remediation".to_string()); + assert_eq!(img_fail.description(), "remediation"); + assert!(img_fail.parent().upgrade().is_some()); + + let pkg_fail = failed_rule.add_pkg_vuln_failure("description".to_string()); + assert_eq!(pkg_fail.remediation(), "description"); + assert!(pkg_fail.parent().upgrade().is_some()); + + assert_eq!(failed_rule.failures().len(), 2); + + assert_eq!(bundle.evaluation_result(), EvaluationResult::Failed); + assert_eq!(policy.evaluation_result(), EvaluationResult::Failed); + assert_eq!(scan_result.evaluation_result(), EvaluationResult::Failed); + } +} diff --git a/src/domain/scanresult/scan_type.rs b/src/domain/scanresult/scan_type.rs new file mode 100644 index 0000000..3c62634 --- /dev/null +++ b/src/domain/scanresult/scan_type.rs @@ -0,0 +1,4 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)] +pub enum ScanType { + Docker, +} diff --git a/src/domain/scanresult/severity.rs b/src/domain/scanresult/severity.rs new file mode 100644 index 0000000..d8709a2 --- /dev/null +++ b/src/domain/scanresult/severity.rs @@ -0,0 +1,9 @@ +#[derive(PartialEq, Eq, Hash, Clone, Copy, PartialOrd, Ord, Debug)] +pub enum Severity { + Critical, + High, + Medium, + Low, + Negligible, + Unknown, +} diff --git a/src/domain/scanresult/vulnerability.rs b/src/domain/scanresult/vulnerability.rs new file mode 100644 index 0000000..5b58dd7 --- /dev/null +++ b/src/domain/scanresult/vulnerability.rs @@ -0,0 +1,152 @@ +use crate::domain::scanresult::accepted_risk::AcceptedRisk; +use crate::domain::scanresult::layer::Layer; +use crate::domain::scanresult::package::Package; +use crate::domain::scanresult::severity::Severity; +use crate::domain::scanresult::weak_hash::WeakHash; +use chrono::{DateTime, Utc}; +use std::collections::HashSet; +use std::fmt::Debug; +use std::hash::{Hash, Hasher}; +use std::sync::{Arc, RwLock}; + +pub struct Vulnerability { + cve: String, + severity: Severity, + disclosure_date: DateTime, + solution_date: Option>, + exploitable: bool, + fix_version: Option, + found_in_packages: RwLock>>, + accepted_risks: RwLock>>, +} + +impl Debug for Vulnerability { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("Vulnerability") + .field("cve", &self.cve) + .field("severity", &self.severity) + .field("disclosure_date", &self.disclosure_date) + .field("solution_date", &self.solution_date) + .field("exploitable", &self.exploitable) + .field("fix_version", &self.fix_version) + .finish() + } +} + +impl Vulnerability { + pub(in crate::domain::scanresult) fn new( + cve: String, + severity: Severity, + disclosure_date: DateTime, + solution_date: Option>, + exploitable: bool, + fix_version: Option, + ) -> Self { + Self { + cve, + severity, + disclosure_date, + solution_date, + exploitable, + fix_version, + found_in_packages: RwLock::new(HashSet::new()), + accepted_risks: RwLock::new(HashSet::new()), + } + } + + pub fn cve(&self) -> &str { + &self.cve + } + + pub fn severity(&self) -> Severity { + self.severity + } + + pub fn disclosure_date(&self) -> DateTime { + self.disclosure_date + } + + pub fn solution_date(&self) -> Option> { + self.solution_date + } + + pub fn exploitable(&self) -> bool { + self.exploitable + } + + pub fn fixable(&self) -> bool { + self.fix_version.is_some() + } + + pub fn fix_version(&self) -> Option<&str> { + self.fix_version.as_deref() + } + + pub(in crate::domain::scanresult) fn add_found_in_package( + self: &Arc, + a_package: Arc, + ) { + if self + .found_in_packages + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&a_package))) + { + a_package.add_vulnerability_found(self.clone()); + } + } + + pub fn found_in_packages(&self) -> Vec> { + self.found_in_packages + .read() + .unwrap() + .iter() + .filter_map(|p| p.0.upgrade()) + .collect() + } + + pub fn found_in_layers(&self) -> Vec> { + self.found_in_packages() + .iter() + .map(|p| p.found_in_layer()) + .cloned() + .collect() + } + + pub(in crate::domain::scanresult) fn add_accepted_risk( + self: &Arc, + accepted_risk: Arc, + ) { + if self + .accepted_risks + .write() + .unwrap() + .insert(WeakHash(Arc::downgrade(&accepted_risk))) + { + accepted_risk.add_for_vulnerability(self.clone()); + } + } + + pub fn accepted_risks(&self) -> Vec> { + self.accepted_risks + .read() + .unwrap() + .iter() + .filter_map(|r| r.0.upgrade()) + .collect() + } +} + +impl PartialEq for Vulnerability { + fn eq(&self, other: &Self) -> bool { + self.cve == other.cve + } +} + +impl Eq for Vulnerability {} + +impl Hash for Vulnerability { + fn hash(&self, state: &mut H) { + self.cve.hash(state); + } +} diff --git a/src/domain/scanresult/weak_hash.rs b/src/domain/scanresult/weak_hash.rs new file mode 100644 index 0000000..1812081 --- /dev/null +++ b/src/domain/scanresult/weak_hash.rs @@ -0,0 +1,27 @@ +use std::hash::{Hash, Hasher}; +use std::sync::Weak; + +/// A wrapper for `Weak` that implements `Hash`, `PartialEq`, and `Eq` +/// based on the pointer address of the underlying data. This allows `Weak` +/// pointers to be stored in collections like `HashSet`. +pub struct WeakHash(pub Weak); + +impl Clone for WeakHash { + fn clone(&self) -> Self { + Self(self.0.clone()) + } +} + +impl Hash for WeakHash { + fn hash(&self, state: &mut H) { + self.0.as_ptr().hash(state); + } +} + +impl PartialEq for WeakHash { + fn eq(&self, other: &Self) -> bool { + self.0.ptr_eq(&other.0) + } +} + +impl Eq for WeakHash {} diff --git a/src/lib.rs b/src/lib.rs index f0e9932..a2991a9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,3 +1,4 @@ #![allow(dead_code)] pub mod app; +pub mod domain; pub mod infra; From 41cee474588b39200f33ae78b170b12472b952ff Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 30 Sep 2025 17:02:17 +0200 Subject: [PATCH 2/4] refactor: use the new domain model --- Cargo.lock | 56 +- Cargo.toml | 4 +- flake.nix | 1 + src/app/commands.rs | 145 +++-- src/app/image_scanner.rs | 82 +-- src/app/mod.rs | 5 +- src/domain/scanresult/accepted_risk.rs | 8 +- src/domain/scanresult/layer.rs | 7 + src/domain/scanresult/metadata.rs | 12 +- src/domain/scanresult/operating_system.rs | 2 +- src/domain/scanresult/scan_result.rs | 74 ++- src/domain/scanresult/vulnerability.rs | 19 +- src/infra/mod.rs | 2 +- src/infra/sysdig_image_scanner.rs | 66 +- ...ysdig_image_scanner_json_scan_result_v1.rs | 576 +++++++++++++++++ src/infra/sysdig_image_scanner_result.rs | 588 ------------------ 16 files changed, 861 insertions(+), 786 deletions(-) create mode 100644 src/infra/sysdig_image_scanner_json_scan_result_v1.rs delete mode 100644 src/infra/sysdig_image_scanner_result.rs diff --git a/Cargo.lock b/Cargo.lock index a541c4f..e9e55b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1105,6 +1105,15 @@ dependencies = [ "yaml-rust2", ] +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + [[package]] name = "memchr" version = "2.7.5" @@ -1748,19 +1757,6 @@ dependencies = [ "time", ] -[[package]] -name = "serde_yaml" -version = "0.9.34+deprecated" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" -dependencies = [ - "indexmap 2.11.4", - "itoa", - "ryu", - "serde", - "unsafe-libyaml", -] - [[package]] name = "serial_test" version = "3.2.0" @@ -1902,15 +1898,14 @@ dependencies = [ "semver", "serde", "serde_json", - "serde_yaml", "serial_test", "tar", "thiserror", "tokio", "tower-lsp", - "tower-service", "tracing", "tracing-subscriber", + "tracing-test", ] [[package]] @@ -2234,14 +2229,39 @@ version = "0.3.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5" dependencies = [ + "matchers", "nu-ansi-term", + "once_cell", + "regex-automata", "sharded-slab", "smallvec", "thread_local", + "tracing", "tracing-core", "tracing-log", ] +[[package]] +name = "tracing-test" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "557b891436fe0d5e0e363427fc7f217abf9ccd510d5136549847bdcbcd011d68" +dependencies = [ + "tracing-core", + "tracing-subscriber", + "tracing-test-macro", +] + +[[package]] +name = "tracing-test-macro" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568" +dependencies = [ + "quote", + "syn", +] + [[package]] name = "try-lock" version = "0.2.5" @@ -2254,12 +2274,6 @@ version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" -[[package]] -name = "unsafe-libyaml" -version = "0.2.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" - [[package]] name = "untrusted" version = "0.9.0" diff --git a/Cargo.toml b/Cargo.toml index 056ac57..37dfd8f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,16 +25,16 @@ reqwest = "0.12.14" semver = "1.0.26" serde = { version = "1.0.219", features = ["alloc", "derive"] } serde_json = "1.0.135" -serde_yaml = "0.9.34" serial_test = { version = "3.2.0", features = ["file_locks"] } tar = "0.4.44" thiserror = "2.0.12" tokio = { version = "1.43.0", features = ["full"] } tower-lsp = "0.20.0" -tower-service = "0.3.3" tracing = "0.1.41" tracing-subscriber = "0.3.19" [dev-dependencies] itertools = "0.14.0" lazy_static = "1.5.0" +tracing-subscriber = { version = "0.3.19", features = ["fmt", "env-filter"] } +tracing-test = "0.2.5" diff --git a/flake.nix b/flake.nix index e61b155..949a4e0 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ cargo cargo-audit cargo-expand + cargo-machete cargo-nextest cargo-tarpaulin cargo-watch diff --git a/src/app/commands.rs b/src/app/commands.rs index 80ca70b..be352b7 100644 --- a/src/app/commands.rs +++ b/src/app/commands.rs @@ -1,18 +1,22 @@ use std::{ path::{Path, PathBuf}, str::FromStr, + sync::Arc, }; +use itertools::Itertools; use tower_lsp::{ jsonrpc::{Error, Result}, lsp_types::{Diagnostic, DiagnosticSeverity, MessageType, Position, Range}, }; -use crate::infra::parse_dockerfile; +use crate::{ + domain::scanresult::{layer::Layer, scan_result::ScanResult, severity::Severity}, + infra::parse_dockerfile, +}; use super::{ - ImageBuilder, ImageScanResult, ImageScanner, InMemoryDocumentDatabase, LSPClient, - LayerScanResult, VulnSeverity, lsp_server::WithContext, + ImageBuilder, ImageScanner, InMemoryDocumentDatabase, LSPClient, lsp_server::WithContext, }; pub struct CommandExecutor { @@ -99,18 +103,38 @@ where ..Default::default() }; - if scan_result.has_vulnerabilities() { + if !scan_result.vulnerabilities().is_empty() { diagnostic.message = format!( "Vulnerabilities found for {}: {} Critical, {} High, {} Medium, {} Low, {} Negligible", image_name, - scan_result.count_vulns_of_severity(VulnSeverity::Critical), - scan_result.count_vulns_of_severity(VulnSeverity::High), - scan_result.count_vulns_of_severity(VulnSeverity::Medium), - scan_result.count_vulns_of_severity(VulnSeverity::Low), - scan_result.count_vulns_of_severity(VulnSeverity::Negligible), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Critical) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::High) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Medium) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Low) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Negligible) }) + .count(), ); - diagnostic.severity = Some(if scan_result.is_compliant { + diagnostic.severity = Some(if scan_result.evaluation_result().is_passed() { DiagnosticSeverity::INFORMATION } else { DiagnosticSeverity::ERROR @@ -199,10 +223,10 @@ where pub fn diagnostics_for_layers( document_text: &str, - scan_result: &ImageScanResult, + scan_result: &ScanResult, ) -> Result> { let instructions = parse_dockerfile(document_text); - let layers = &scan_result.layers; + let layers = &scan_result.layers(); let mut instr_idx = instructions.len().checked_sub(1); let mut layer_idx = layers.len().checked_sub(1); @@ -220,14 +244,34 @@ pub fn diagnostics_for_layers( instr_idx = instr_idx.and_then(|x| x.checked_sub(1)); layer_idx = layer_idx.and_then(|x| x.checked_sub(1)); - if layer.has_vulnerabilities() { + if !layer.vulnerabilities().is_empty() { let msg = format!( "Vulnerabilities found in layer: {} Critical, {} High, {} Medium, {} Low, {} Negligible", - layer.count_vulns_of_severity(VulnSeverity::Critical), - layer.count_vulns_of_severity(VulnSeverity::High), - layer.count_vulns_of_severity(VulnSeverity::Medium), - layer.count_vulns_of_severity(VulnSeverity::Low), - layer.count_vulns_of_severity(VulnSeverity::Negligible), + layer + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Critical) }) + .count(), + layer + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::High) }) + .count(), + layer + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Medium) }) + .count(), + layer + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Low) }) + .count(), + layer + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Negligible) }) + .count(), ); let diagnostic = Diagnostic { range: instr.range, @@ -246,40 +290,35 @@ pub fn diagnostics_for_layers( } fn fill_vulnerability_hints_for_layer( - layer: &LayerScanResult, + layer: &Arc, range: Range, diagnostics: &mut Vec, ) { - let vulnerability_types = [ - VulnSeverity::Critical, - VulnSeverity::High, - VulnSeverity::Medium, - VulnSeverity::Low, - VulnSeverity::Negligible, - ]; - - let vulns_per_severity = vulnerability_types + let vulns_per_severity = layer + .vulnerabilities() .iter() - .flat_map(|sev| layer.vulnerabilities.iter().filter(|l| l.severity == *sev)); + .cloned() + .sorted_by_key(|v| v.severity()); // TODO(fede): eventually we would want to add here a .take() to truncate the number // of vulnerabilities shown as hint per layer. vulns_per_severity.for_each(|vuln| { - let url = format!("https://nvd.nist.gov/vuln/detail/{}", vuln.id); + let url = format!("https://nvd.nist.gov/vuln/detail/{}", vuln.cve()); diagnostics.push(Diagnostic { range, severity: Some(DiagnosticSeverity::HINT), - message: format!("Vulnerability: {} ({:?}) {}", vuln.id, vuln.severity, url), + message: format!( + "Vulnerability: {} ({:?}) {}", + vuln.cve(), + vuln.severity(), + url + ), ..Default::default() }); }); } -fn diagnostic_for_image( - line: u32, - document_text: &str, - scan_result: &ImageScanResult, -) -> Diagnostic { +fn diagnostic_for_image(line: u32, document_text: &str, scan_result: &ScanResult) -> Diagnostic { let range_for_selected_line = Range::new( Position::new(line, 0), Position::new( @@ -299,17 +338,37 @@ fn diagnostic_for_image( ..Default::default() }; - if scan_result.has_vulnerabilities() { + if !scan_result.vulnerabilities().is_empty() { diagnostic.message = format!( "Total vulnerabilities found: {} Critical, {} High, {} Medium, {} Low, {} Negligible", - scan_result.count_vulns_of_severity(VulnSeverity::Critical), - scan_result.count_vulns_of_severity(VulnSeverity::High), - scan_result.count_vulns_of_severity(VulnSeverity::Medium), - scan_result.count_vulns_of_severity(VulnSeverity::Low), - scan_result.count_vulns_of_severity(VulnSeverity::Negligible), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Critical) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::High) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Medium) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Low) }) + .count(), + scan_result + .vulnerabilities() + .iter() + .filter(|v| { matches!(v.severity(), Severity::Negligible) }) + .count(), ); - diagnostic.severity = Some(if scan_result.is_compliant { + diagnostic.severity = Some(if scan_result.evaluation_result().is_passed() { DiagnosticSeverity::INFORMATION } else { DiagnosticSeverity::ERROR diff --git a/src/app/image_scanner.rs b/src/app/image_scanner.rs index 6fbbc29..117d632 100644 --- a/src/app/image_scanner.rs +++ b/src/app/image_scanner.rs @@ -1,65 +1,13 @@ use std::error::Error; use thiserror::Error; +use tracing::info; + +use crate::domain::scanresult::scan_result::ScanResult; #[async_trait::async_trait] pub trait ImageScanner { - async fn scan_image(&self, image_pull_string: &str) -> Result; -} - -#[derive(Clone, Debug)] -pub struct ImageScanResult { - pub vulnerabilities: Vec, - pub is_compliant: bool, - pub layers: Vec, -} - -impl ImageScanResult { - pub fn count_vulns_of_severity(&self, severity: VulnSeverity) -> usize { - self.vulnerabilities - .iter() - .filter(|v| v.severity == severity) - .count() - } - - pub fn has_vulnerabilities(&self) -> bool { - !self.vulnerabilities.is_empty() - } -} - -#[derive(Clone, Debug)] -pub struct VulnerabilityEntry { - pub id: String, - pub severity: VulnSeverity, -} - -#[derive(Clone, Copy, Debug, PartialEq, Eq)] -pub enum VulnSeverity { - Critical, - High, - Medium, - Low, - Negligible, -} - -#[derive(Clone, Debug)] -pub struct LayerScanResult { - pub layer_instruction: String, - pub layer_text: String, - pub vulnerabilities: Vec, -} - -impl LayerScanResult { - pub fn count_vulns_of_severity(&self, severity: VulnSeverity) -> usize { - self.vulnerabilities - .iter() - .filter(|v| v.severity == severity) - .count() - } - - pub fn has_vulnerabilities(&self) -> bool { - !self.vulnerabilities.is_empty() - } + async fn scan_image(&self, image_pull_string: &str) -> Result; } #[derive(Clone, Copy, Debug, Default)] @@ -71,6 +19,28 @@ pub struct Vulnerabilities { pub negligible: usize, } +impl From for Vulnerabilities { + fn from(value: ScanResult) -> Self { + value + .vulnerabilities() + .into_iter() + .fold(Self::default(), |mut acc, v| { + use crate::domain::scanresult::severity::Severity; + match v.severity() { + Severity::Critical => acc.critical += 1, + Severity::High => acc.high += 1, + Severity::Medium => acc.medium += 1, + Severity::Low => acc.low += 1, + Severity::Negligible => acc.negligible += 1, + Severity::Unknown => { + info!("unknown severity {:?}", v) + } + } + acc + }) + } +} + #[derive(Error, Debug)] pub enum ImageScanError { #[error("error in the internal scanner execution: {0}")] diff --git a/src/app/mod.rs b/src/app/mod.rs index c0944b7..f2735fd 100644 --- a/src/app/mod.rs +++ b/src/app/mod.rs @@ -9,9 +9,6 @@ mod queries; pub use document_database::*; pub use image_builder::{ImageBuildError, ImageBuildResult, ImageBuilder}; -pub use image_scanner::{ - ImageScanError, ImageScanResult, ImageScanner, LayerScanResult, VulnSeverity, Vulnerabilities, - VulnerabilityEntry, -}; +pub use image_scanner::{ImageScanError, ImageScanner, Vulnerabilities}; pub use lsp_client::LSPClient; pub use lsp_server::LSPServer; diff --git a/src/domain/scanresult/accepted_risk.rs b/src/domain/scanresult/accepted_risk.rs index dceb97a..5c8ded8 100644 --- a/src/domain/scanresult/accepted_risk.rs +++ b/src/domain/scanresult/accepted_risk.rs @@ -2,7 +2,7 @@ use crate::domain::scanresult::accepted_risk_reason::AcceptedRiskReason; use crate::domain::scanresult::package::Package; use crate::domain::scanresult::vulnerability::Vulnerability; use crate::domain::scanresult::weak_hash::WeakHash; -use chrono::{DateTime, Utc}; +use chrono::{DateTime, NaiveDate, Utc}; use std::collections::HashSet; use std::fmt::Debug; use std::hash::{Hash, Hasher}; @@ -12,7 +12,7 @@ pub struct AcceptedRisk { id: String, reason: AcceptedRiskReason, description: String, - expiration_date: Option>, + expiration_date: Option, is_active: bool, created_at: DateTime, updated_at: DateTime, @@ -40,7 +40,7 @@ impl AcceptedRisk { id: String, reason: AcceptedRiskReason, description: String, - expiration_date: Option>, + expiration_date: Option, is_active: bool, created_at: DateTime, updated_at: DateTime, @@ -70,7 +70,7 @@ impl AcceptedRisk { &self.description } - pub fn expiration_date(&self) -> Option> { + pub fn expiration_date(&self) -> Option { self.expiration_date } diff --git a/src/domain/scanresult/layer.rs b/src/domain/scanresult/layer.rs index cd030cf..189ba88 100644 --- a/src/domain/scanresult/layer.rs +++ b/src/domain/scanresult/layer.rs @@ -7,6 +7,7 @@ use std::sync::{Arc, RwLock}; pub struct Layer { digest: String, + index: usize, size: Option, command: String, packages: RwLock>>, @@ -25,11 +26,13 @@ impl Debug for Layer { impl Layer { pub(in crate::domain::scanresult) fn new( digest: String, + index: usize, size: Option, command: String, ) -> Self { Self { digest, + index, size, command, packages: RwLock::new(HashSet::new()), @@ -44,6 +47,10 @@ impl Layer { } } + pub fn index(&self) -> usize { + self.index + } + pub fn size(&self) -> Option<&u64> { self.size.as_ref() } diff --git a/src/domain/scanresult/metadata.rs b/src/domain/scanresult/metadata.rs index 3b3a64e..75546b3 100644 --- a/src/domain/scanresult/metadata.rs +++ b/src/domain/scanresult/metadata.rs @@ -3,11 +3,11 @@ use crate::domain::scanresult::operating_system::OperatingSystem; use chrono::{DateTime, Utc}; use std::collections::HashMap; -#[derive(PartialEq, Eq)] +#[derive(PartialEq, Eq, Clone)] pub struct Metadata { pull_string: String, image_id: String, - digest: String, + digest: Option, base_os: OperatingSystem, size_in_bytes: u64, architecture: Architecture, @@ -20,7 +20,7 @@ impl Metadata { pub(in crate::domain::scanresult) fn new( pull_string: String, image_id: String, - digest: String, + digest: Option, base_os: OperatingSystem, size_in_bytes: u64, architecture: Architecture, @@ -48,11 +48,7 @@ impl Metadata { } pub fn digest(&self) -> Option<&str> { - if self.digest.is_empty() { - None - } else { - Some(&self.digest) - } + self.digest.as_deref() } pub fn base_os(&self) -> &OperatingSystem { diff --git a/src/domain/scanresult/operating_system.rs b/src/domain/scanresult/operating_system.rs index e22744c..1c50baf 100644 --- a/src/domain/scanresult/operating_system.rs +++ b/src/domain/scanresult/operating_system.rs @@ -6,7 +6,7 @@ pub enum Family { Unknown, } -#[derive(PartialEq, Eq, Hash)] +#[derive(PartialEq, Eq, Hash, Clone)] pub struct OperatingSystem { family: Family, name: String, diff --git a/src/domain/scanresult/scan_result.rs b/src/domain/scanresult/scan_result.rs index b65a3cc..83755bd 100644 --- a/src/domain/scanresult/scan_result.rs +++ b/src/domain/scanresult/scan_result.rs @@ -12,11 +12,12 @@ use crate::domain::scanresult::policy_bundle::PolicyBundle; use crate::domain::scanresult::scan_type::ScanType; use crate::domain::scanresult::severity::Severity; use crate::domain::scanresult::vulnerability::Vulnerability; -use chrono::{DateTime, Utc}; +use chrono::{DateTime, NaiveDate, Utc}; +use itertools::Itertools; use std::collections::HashMap; use std::sync::Arc; -#[derive(PartialEq, Eq)] +#[derive(PartialEq, Eq, Clone)] pub struct ScanResult { scan_type: ScanType, metadata: Metadata, @@ -34,7 +35,7 @@ impl ScanResult { scan_type: ScanType, pull_string: String, image_id: String, - digest: String, + digest: Option, base_os: OperatingSystem, size_in_bytes: u64, architecture: Architecture, @@ -70,8 +71,14 @@ impl ScanResult { &self.metadata } - pub fn add_layer(&mut self, digest: String, size: Option, command: String) -> Arc { - let layer = Arc::new(Layer::new(digest.clone(), size, command)); + pub fn add_layer( + &mut self, + digest: String, + index: usize, + size: Option, + command: String, + ) -> Arc { + let layer = Arc::new(Layer::new(digest.clone(), index, size, command)); self.layers.insert(digest, layer.clone()); layer } @@ -81,7 +88,11 @@ impl ScanResult { } pub fn layers(&self) -> Vec> { - self.layers.values().cloned().collect() + self.layers + .values() + .cloned() + .sorted_by(|a, b| a.index().cmp(&b.index())) + .collect() } pub fn add_package( @@ -116,8 +127,8 @@ impl ScanResult { &mut self, cve: String, severity: Severity, - disclosure_date: DateTime, - solution_date: Option>, + disclosure_date: NaiveDate, + solution_date: Option, exploitable: bool, fix_version: Option, ) -> Arc { @@ -194,7 +205,7 @@ impl ScanResult { id: String, reason: AcceptedRiskReason, description: String, - expiration_date: Option>, + expiration_date: Option, is_active: bool, created_at: DateTime, updated_at: DateTime, @@ -253,7 +264,7 @@ mod tests { ScanType::Docker, "alpine:latest".to_string(), "sha256:12345".to_string(), - "sha256:67890".to_string(), + Some("sha256:67890".to_string()), OperatingSystem::new(Family::Linux, "alpine:3.18".to_string()), 123456, Architecture::Amd64, @@ -278,7 +289,8 @@ mod tests { #[test] fn add_and_find_layer() { let mut scan_result = create_scan_result(); - let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let layer = + scan_result.add_layer("sha256:abc".to_string(), 0, Some(100), "CMD".to_string()); assert_eq!(scan_result.layers().len(), 1); assert_eq!(scan_result.layers()[0], layer); @@ -293,7 +305,8 @@ mod tests { #[test] fn add_package_test() { let mut scan_result = create_scan_result(); - let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let layer = + scan_result.add_layer("sha256:abc".to_string(), 0, Some(100), "CMD".to_string()); let package = scan_result.add_package( PackageType::Os, "musl".to_string(), @@ -317,7 +330,7 @@ mod tests { let vuln = scan_result.add_vulnerability( "CVE-2023-1234".to_string(), Severity::High, - Utc::now(), + Utc::now().naive_utc().date(), None, false, Some("1.2.4".to_string()), @@ -336,7 +349,8 @@ mod tests { #[test] fn mix_vulns_and_packages() { let mut scan_result = create_scan_result(); - let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let layer = + scan_result.add_layer("sha256:abc".to_string(), 0, Some(100), "CMD".to_string()); let package = scan_result.add_package( PackageType::Os, "musl".to_string(), @@ -347,7 +361,7 @@ mod tests { let vuln = scan_result.add_vulnerability( "CVE-2023-1234".to_string(), Severity::High, - Utc::now(), + Utc::now().naive_utc().date(), None, false, Some("1.2.4".to_string()), @@ -442,7 +456,7 @@ mod tests { let vuln = scan_result.add_vulnerability( "CVE-2023-1234".to_string(), Severity::High, - Utc::now(), + Utc::now().naive_utc().date(), None, false, Some("1.2.4".to_string()), @@ -466,7 +480,8 @@ mod tests { Utc::now(), Utc::now(), ); - let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let layer = + scan_result.add_layer("sha256:abc".to_string(), 0, Some(100), "CMD".to_string()); let package = scan_result.add_package( PackageType::Os, "musl".to_string(), @@ -529,12 +544,13 @@ mod tests { assert!(metadata.labels().is_empty()); // Layer - let layer = scan_result.add_layer("sha256:abc".to_string(), Some(100), "CMD".to_string()); + let layer = + scan_result.add_layer("sha256:abc".to_string(), 0, Some(100), "CMD".to_string()); assert_eq!(layer.digest(), Some("sha256:abc")); assert_eq!(layer.size(), Some(&100)); assert_eq!(layer.command(), "CMD"); assert!(format!("{:?}", layer).contains("sha256:abc")); - let empty_digest_layer = scan_result.add_layer("".to_string(), None, "ADD".to_string()); + let empty_digest_layer = scan_result.add_layer("".to_string(), 0, None, "ADD".to_string()); assert!(empty_digest_layer.digest().is_none()); // Package @@ -556,15 +572,15 @@ mod tests { let vuln = scan_result.add_vulnerability( "CVE-1".to_string(), Severity::High, - now, - Some(now), + now.naive_utc().date(), + Some(now.naive_utc().date()), true, Some("1.2.4".to_string()), ); assert_eq!(vuln.cve(), "CVE-1"); assert_eq!(vuln.severity(), Severity::High); - assert_eq!(vuln.disclosure_date(), now); - assert_eq!(vuln.solution_date(), Some(now)); + assert_eq!(vuln.disclosure_date(), now.naive_utc().date()); + assert_eq!(vuln.solution_date(), Some(now.naive_utc().date())); assert!(vuln.exploitable()); assert!(vuln.fixable()); assert_eq!(vuln.fix_version(), Some("1.2.4")); @@ -575,14 +591,14 @@ mod tests { "risk-1".to_string(), AcceptedRiskReason::Custom, "desc".to_string(), - Some(now), + Some(now.naive_utc().date()), true, now, now, ); assert_eq!(risk.reason(), &AcceptedRiskReason::Custom); assert_eq!(risk.description(), "desc"); - assert_eq!(risk.expiration_date(), Some(now)); + assert_eq!(risk.expiration_date(), Some(now.naive_utc().date())); assert!(risk.is_active()); assert_eq!(risk.created_at(), now); assert_eq!(risk.updated_at(), now); @@ -616,7 +632,7 @@ mod tests { let vuln = scan_result.add_vulnerability( "CVE-1".to_string(), Severity::High, - now, + now.naive_utc().date(), None, false, None, @@ -624,7 +640,7 @@ mod tests { let vuln2 = scan_result.add_vulnerability( "CVE-1".to_string(), Severity::High, - now, + now.naive_utc().date(), None, false, None, @@ -633,8 +649,8 @@ mod tests { assert_eq!(scan_result.vulnerabilities().len(), 1); // Add layer twice - let layer = scan_result.add_layer("layer-1".to_string(), None, "CMD".to_string()); - let layer2 = scan_result.add_layer("layer-1".to_string(), None, "CMD".to_string()); + let layer = scan_result.add_layer("layer-1".to_string(), 0, None, "CMD".to_string()); + let layer2 = scan_result.add_layer("layer-1".to_string(), 0, None, "CMD".to_string()); assert_ne!(Arc::as_ptr(&layer), Arc::as_ptr(&layer2)); // It creates a new Arc and replaces. assert_eq!(scan_result.layers().len(), 1); diff --git a/src/domain/scanresult/vulnerability.rs b/src/domain/scanresult/vulnerability.rs index 5b58dd7..14df4ea 100644 --- a/src/domain/scanresult/vulnerability.rs +++ b/src/domain/scanresult/vulnerability.rs @@ -3,7 +3,7 @@ use crate::domain::scanresult::layer::Layer; use crate::domain::scanresult::package::Package; use crate::domain::scanresult::severity::Severity; use crate::domain::scanresult::weak_hash::WeakHash; -use chrono::{DateTime, Utc}; +use chrono::NaiveDate; use std::collections::HashSet; use std::fmt::Debug; use std::hash::{Hash, Hasher}; @@ -12,8 +12,8 @@ use std::sync::{Arc, RwLock}; pub struct Vulnerability { cve: String, severity: Severity, - disclosure_date: DateTime, - solution_date: Option>, + disclosure_date: NaiveDate, + solution_date: Option, exploitable: bool, fix_version: Option, found_in_packages: RwLock>>, @@ -37,8 +37,8 @@ impl Vulnerability { pub(in crate::domain::scanresult) fn new( cve: String, severity: Severity, - disclosure_date: DateTime, - solution_date: Option>, + disclosure_date: NaiveDate, + solution_date: Option, exploitable: bool, fix_version: Option, ) -> Self { @@ -62,11 +62,11 @@ impl Vulnerability { self.severity } - pub fn disclosure_date(&self) -> DateTime { + pub fn disclosure_date(&self) -> NaiveDate { self.disclosure_date } - pub fn solution_date(&self) -> Option> { + pub fn solution_date(&self) -> Option { self.solution_date } @@ -113,10 +113,7 @@ impl Vulnerability { .collect() } - pub(in crate::domain::scanresult) fn add_accepted_risk( - self: &Arc, - accepted_risk: Arc, - ) { + pub fn add_accepted_risk(self: &Arc, accepted_risk: Arc) { if self .accepted_risks .write() diff --git a/src/infra/mod.rs b/src/infra/mod.rs index 86096ee..c329eac 100644 --- a/src/infra/mod.rs +++ b/src/infra/mod.rs @@ -3,7 +3,7 @@ mod docker_image_builder; mod dockerfile_ast_parser; mod scanner_binary_manager; mod sysdig_image_scanner; -mod sysdig_image_scanner_result; +mod sysdig_image_scanner_json_scan_result_v1; pub use sysdig_image_scanner::{SysdigAPIToken, SysdigImageScanner}; pub mod lsp_logger; diff --git a/src/infra/sysdig_image_scanner.rs b/src/infra/sysdig_image_scanner.rs index 373910a..5363fb3 100644 --- a/src/infra/sysdig_image_scanner.rs +++ b/src/infra/sysdig_image_scanner.rs @@ -6,11 +6,14 @@ use serde::Deserialize; use thiserror::Error; use tokio::{process::Command, sync::Mutex}; -use crate::app::{ImageScanError, ImageScanResult, ImageScanner}; +use crate::{ + app::{ImageScanError, ImageScanner}, + domain::scanresult::scan_result::ScanResult, +}; use super::{ scanner_binary_manager::{ScannerBinaryManager, ScannerBinaryManagerError}, - sysdig_image_scanner_result::SysdigImageScannerReport, + sysdig_image_scanner_json_scan_result_v1::JsonScanResultV1, }; #[derive(Clone)] @@ -71,7 +74,7 @@ impl SysdigImageScanner { async fn scan( &self, image_pull_string: &str, - ) -> Result { + ) -> Result { let path_to_cli = self .scanner_binary_manager .lock() @@ -113,25 +116,38 @@ impl SysdigImageScanner { _ => {} }; - let report: SysdigImageScannerReport = serde_json::from_slice(&output.stdout)?; - - Ok(report) + deserialize_with_debug(&output.stdout) } } #[async_trait::async_trait] impl ImageScanner for SysdigImageScanner { - async fn scan_image(&self, image_pull_string: &str) -> Result { - Ok(self.scan(image_pull_string).await?.into()) + async fn scan_image(&self, image_pull_string: &str) -> Result { + let scan = self.scan(image_pull_string).await?; + Ok(ScanResult::from(&scan)) } } +fn deserialize_with_debug(json_bytes: &[u8]) -> Result { + let output_json = String::from_utf8_lossy(json_bytes); + serde_json::from_str(&output_json).map_err(|e| { + tracing::error!( + "Failed to deserialize scanner output. Raw JSON: {}", + output_json + ); + SysdigImageScannerError::ReportDeserialization(e) + }) +} + #[cfg(test)] #[serial_test::file_serial] mod tests { + use crate::infra::sysdig_image_scanner::deserialize_with_debug; use lazy_static::lazy_static; - use crate::app::{ImageScanner, VulnSeverity}; + use tracing_test::traced_test; + + use crate::app::ImageScanner; use super::{SysdigAPIToken, SysdigImageScanner}; @@ -149,9 +165,8 @@ mod tests { let report = scanner.scan("ubuntu:22.04").await.unwrap(); - assert!(report.info.is_some()); - assert!(report.scanner.is_some()); - assert!(report.result.is_some()); + assert_eq!(report.scanner.name, "sysdig-cli-scanner"); + assert_eq!(report.result.metadata.pull_string, "ubuntu:22.04"); } #[tokio::test] @@ -166,11 +181,26 @@ mod tests { .await .unwrap(); - assert!(report.count_vulns_of_severity(VulnSeverity::Critical) == 0); - assert!(report.count_vulns_of_severity(VulnSeverity::High) == 0); - assert!(report.count_vulns_of_severity(VulnSeverity::Medium) > 0); - assert!(report.count_vulns_of_severity(VulnSeverity::Low) > 0); - assert!(report.count_vulns_of_severity(VulnSeverity::Negligible) > 0); - assert!(!report.is_compliant); + assert_eq!( + report.metadata().pull_string(), + "ubuntu@sha256:a76d0e9d99f0e91640e35824a6259c93156f0f07b7778ba05808c750e7fa6e68" + ); + + assert!(!report.layers().is_empty()); + assert!(!report.vulnerabilities().is_empty()); + assert!(!report.packages().is_empty()); + assert!(report.evaluation_result().is_failed()); + } + + #[test] + #[traced_test] + fn it_logs_invalid_json_on_deserialization_error() { + let invalid_json = b"{\"foo\": \"bar\"}"; + + let result = deserialize_with_debug(invalid_json); + assert!(result.is_err()); + assert!(logs_contain( + "Failed to deserialize scanner output. Raw JSON: {\"foo\": \"bar\"}" + )); } } diff --git a/src/infra/sysdig_image_scanner_json_scan_result_v1.rs b/src/infra/sysdig_image_scanner_json_scan_result_v1.rs new file mode 100644 index 0000000..744f4e3 --- /dev/null +++ b/src/infra/sysdig_image_scanner_json_scan_result_v1.rs @@ -0,0 +1,576 @@ +#![allow(dead_code)] + +use chrono::{DateTime, NaiveDate, Utc}; +use serde::Deserialize; +use std::collections::HashMap; + +use crate::domain::scanresult::{ + accepted_risk_reason::AcceptedRiskReason, + architecture::Architecture, + evaluation_result::EvaluationResult, + operating_system::{Family, OperatingSystem}, + package_type::PackageType, + scan_result::ScanResult, + scan_type::ScanType, + severity::Severity, +}; + +impl From<&JsonScanResultV1> for ScanResult { + fn from(report: &JsonScanResultV1) -> Self { + let mut scan_result = ScanResult::from(&report.result.metadata); + + add_layers(&report.result, &mut scan_result); + add_risk_accepts(&report.result, &mut scan_result); + add_vulnerabilities(&report.result, &mut scan_result); + add_packages(&report.result, &mut scan_result); + add_policies(&report.result, &mut scan_result); + + scan_result + } +} + +fn add_layers(report: &JsonResult, scan_result: &mut ScanResult) { + report + .layers + .values() + .filter(|json_layer| !json_layer.digest.is_empty()) + .for_each(|json_layer| { + scan_result.add_layer( + json_layer.digest.clone(), + json_layer.index, + json_layer.size, + json_layer.command.clone().unwrap_or_default(), + ); + }); +} + +fn add_risk_accepts(result: &JsonResult, scan_result: &mut ScanResult) { + for json_risk in result.risk_accepts.values() { + scan_result.add_accepted_risk( + json_risk.id.clone(), + json_risk.reason.clone().into(), + json_risk.description.clone(), + json_risk.expiration_date, + json_risk.status.eq_ignore_ascii_case("active"), + json_risk.created_at, + json_risk.updated_at, + ); + } +} + +fn add_vulnerabilities(result: &JsonResult, scan_result: &mut ScanResult) { + for v in result.vulnerabilities.values() { + let vuln = scan_result.add_vulnerability( + v.name.clone(), + v.severity.clone().into(), + v.disclosure_date, + v.solution_date, + v.exploitable, + v.fix_version.clone(), + ); + + v.risk_accept_refs + .as_deref() + .unwrap_or_default() + .iter() + .flat_map(|risk_ref| result.risk_accepts.get(risk_ref)) + .flat_map(|json_risk_accept| scan_result.find_accepted_risk_by_id(&json_risk_accept.id)) + .for_each(|risk_accept| vuln.add_accepted_risk(risk_accept)); + } +} + +fn add_packages(result: &JsonResult, scan_result: &mut ScanResult) { + for json_pkg in result.packages.values() { + let Some(json_layer) = result.layers.get(&json_pkg.layer_ref) else { + continue; + }; + + let Some(layer_where_this_package_is_found) = + scan_result.find_layer_by_digest(&json_layer.digest) + else { + continue; + }; + + let pkg = scan_result.add_package( + json_pkg.package_type.clone().into(), + json_pkg.name.clone(), + json_pkg.version.clone(), + json_pkg.path.clone(), + layer_where_this_package_is_found, + ); + + json_pkg + .vulnerabilities_refs + .as_deref() + .unwrap_or_default() + .iter() + .flat_map(|json_vuln_ref| result.vulnerabilities.get(json_vuln_ref)) + .flat_map(|json_vuln| scan_result.find_vulnerability_by_cve(&json_vuln.name)) + .for_each(|vuln| pkg.add_vulnerability_found(vuln)); + + json_pkg + .vulnerabilities_refs + .as_deref() + .unwrap_or_default() + .iter() + .flat_map(|json_vuln_ref| result.vulnerabilities.get(json_vuln_ref)) + .flat_map(|json_vuln| { + json_vuln + .risk_accept_refs + .as_deref() + .unwrap_or_default() + .iter() + }) + .flat_map(|json_risk_accepted_ref| result.risk_accepts.get(json_risk_accepted_ref)) + .flat_map(|json_risk_accepted| { + scan_result.find_accepted_risk_by_id(&json_risk_accepted.id) + }) + .for_each(|risk| pkg.add_accepted_risk(risk)); + } +} + +fn add_policies(result: &JsonResult, scan_result: &mut ScanResult) { + for json_policy in result.policies.evaluations.as_deref().unwrap_or_default() { + let policy = scan_result.add_policy( + json_policy.identifier.clone(), + json_policy.name.clone(), + json_policy.created_at, + json_policy.updated_at, + ); + + for json_bundle in json_policy.bundles.as_deref().unwrap_or_default() { + let policy_bundle = scan_result.add_policy_bundle( + json_bundle.identifier.clone(), + json_bundle.name.clone(), + policy.clone(), + ); + + for json_rule in json_bundle.rules.as_deref().unwrap_or_default() { + let rule = policy_bundle.add_rule( + json_rule.rule_id.clone(), + json_rule.description.clone(), + if json_rule.evaluation_result.eq_ignore_ascii_case("failed") { + EvaluationResult::Failed + } else { + EvaluationResult::Passed + }, + ); + + for json_failure in json_rule.failures.as_deref().unwrap_or_default() { + match json_rule.failure_type.as_str() { + "imageConfigFailure" => { + rule.add_image_config_failure(json_failure.remediation.clone()); + } + "pkgVulnFailure" => { + rule.add_pkg_vuln_failure(failure_message_for( + result, + &json_failure.package_ref, + &json_failure.vulnerability_ref, + )); + } + _ => {} + }; + } + } + } + } +} + +fn failure_message_for(result: &JsonResult, package_ref: &str, vulnerability_ref: &str) -> String { + if let Some(package) = result.packages.get(package_ref) + && let Some(vulnerability) = result.vulnerabilities.get(vulnerability_ref) + { + format!( + "{} found in {} ({})", + vulnerability.name, package.name, package.version + ) + } else { + format!( + "vuln ref {} found in package ref {}", + vulnerability_ref, package_ref + ) + } +} + +impl From<&JsonMetadata> for ScanResult { + fn from(metadata: &JsonMetadata) -> Self { + ScanResult::new( + ScanType::Docker, + metadata.pull_string.clone(), + metadata.image_id.clone(), + metadata.digest.clone(), + OperatingSystem::new(os_family_from_str(&metadata.os), metadata.base_os.clone()), + metadata.size, + arch_from_str(&metadata.architecture), + metadata.labels.clone(), + metadata.created_at, + ) + } +} + +fn os_family_from_str(string: &str) -> Family { + match string.to_lowercase().as_str() { + "linux" => Family::Linux, + "darwin" => Family::Darwin, + "windows" => Family::Windows, + _ => Family::Unknown, + } +} + +fn arch_from_str(string: &str) -> Architecture { + match string.to_lowercase().as_str() { + "amd64" => Architecture::Amd64, + "arm64" => Architecture::Arm64, + _ => Architecture::Unknown, + } +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonScanResultV1 { + pub info: JsonInfo, + pub scanner: JsonScanner, + pub result: JsonResult, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonScanner { + pub name: String, + pub version: String, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonInfo { + #[serde(rename = "scanTime")] + pub scan_time: DateTime, + #[serde(rename = "scanDuration")] + pub scan_duration: String, + #[serde(rename = "resultUrl", default)] + pub result_url: Option, + #[serde(rename = "resultId", default)] + pub result_id: Option, +} + +#[derive(Debug, Deserialize)] +#[serde(rename_all = "camelCase")] +pub enum ContextType { + HostAssetToken, + HostName, + ImageAssetToken, + ImageName, + ImagePrefix, + ImageSuffix, + PackageName, + PackageVersion, +} + +#[derive(Debug, Deserialize)] +#[serde(rename_all = "camelCase")] +pub enum ImageMetadataArchitecture { + Amd64, + Arm, + Arm64, + Loong64, + Mips, + Mips64, + Mips64le, + Mipsle, + N386, + Ppc64, + Ppc64le, + Riscv64, + S390x, + Wasm, +} + +#[derive(Debug, Deserialize, PartialEq, Eq, Hash, Clone)] +#[serde(rename_all = "camelCase")] +pub enum JsonSeverity { + Critical, + High, + Low, + Medium, + Negligible, +} + +impl From for Severity { + fn from(value: JsonSeverity) -> Self { + match value { + JsonSeverity::Critical => Self::Critical, + JsonSeverity::High => Self::High, + JsonSeverity::Low => Self::Low, + JsonSeverity::Medium => Self::Medium, + JsonSeverity::Negligible => Self::Negligible, + } + } +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonBundle { + #[serde(rename = "identifier", default)] + pub identifier: String, + #[serde(rename = "name", default)] + pub name: String, + #[serde(rename = "rules", default)] + pub rules: Option>, + #[serde(rename = "type", default)] + pub bundle_type: String, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonCvssScore { + pub score: f32, + #[serde(default)] // FIXME(fede): test this + pub vector: String, + pub version: String, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonLayer { + #[serde(rename = "command", default)] + pub command: Option, + #[serde(rename = "digest")] + pub digest: String, + #[serde(rename = "index", default)] + pub index: usize, + #[serde(rename = "size", default)] + pub size: Option, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonPackage { + #[serde(rename = "isRemoved", default)] + pub is_removed: bool, + #[serde(rename = "isRunning", default)] + pub is_running: bool, + #[serde(rename = "layerRef")] + pub layer_ref: String, + #[serde(rename = "name")] + pub name: String, + #[serde(rename = "path", default)] + pub path: String, + // FIXME(fede): Maybe we could use this to implement a suggestion to fix in the LSP? + // #[serde(rename = "suggestedFix", default)] + // pub suggested_fix: Option, + #[serde(rename = "type", default)] + pub package_type: JsonPackageType, + #[serde(rename = "version")] + pub version: String, + #[serde(rename = "vulnerabilitiesRefs", default)] + pub vulnerabilities_refs: Option>, +} + +#[derive(Debug, Deserialize, Default, Clone)] +pub(super) enum JsonPackageType { + #[serde(rename = "C#")] + CSharp, + #[serde(rename = "golang")] + Golang, + #[serde(rename = "java")] + Java, + #[serde(rename = "javascript")] + Javascript, + #[serde(rename = "os")] + Os, + #[serde(rename = "php")] + Php, + #[serde(rename = "python")] + Python, + #[serde(rename = "ruby")] + Ruby, + #[serde(rename = "rust")] + Rust, + #[default] + Unknown, +} + +impl From for PackageType { + fn from(value: JsonPackageType) -> Self { + match value { + JsonPackageType::CSharp => Self::CSharp, + JsonPackageType::Golang => Self::Golang, + JsonPackageType::Java => Self::Java, + JsonPackageType::Javascript => Self::Javascript, + JsonPackageType::Os => Self::Os, + JsonPackageType::Php => Self::Php, + JsonPackageType::Python => Self::Python, + JsonPackageType::Ruby => Self::Ruby, + JsonPackageType::Rust => Self::Rust, + JsonPackageType::Unknown => Self::Unknown, + } + } +} + +#[derive(Debug, Deserialize, Default)] +pub(super) struct JsonPolicies { + #[serde(rename = "globalEvaluation", default)] + pub global_evaluation: String, + #[serde(rename = "evaluations", default)] + pub evaluations: Option>, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonPolicy { + #[serde(rename = "bundles", default)] + pub bundles: Option>, + #[serde(rename = "createdAt")] + pub created_at: DateTime, + #[serde(rename = "description", default)] + pub description: String, + #[serde(rename = "evaluation")] + pub evaluation: String, + #[serde(rename = "identifier")] + pub identifier: String, + #[serde(rename = "name")] + pub name: String, + #[serde(rename = "updatedAt")] + pub updated_at: DateTime, +} + +#[derive(Debug, Deserialize, Default)] +pub(super) struct JsonProducer { + #[serde(rename = "producedAt", default)] + pub produced_at: DateTime, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonRiskAccept { + #[serde(rename = "createdAt")] + pub created_at: DateTime, + #[serde(rename = "description", default)] + pub description: String, + #[serde(rename = "entityType")] + pub entity_type: String, + #[serde(rename = "entityValue")] + pub entity_value: String, + #[serde(rename = "expirationDate", default)] + pub expiration_date: Option, + #[serde(rename = "id")] + pub id: String, + #[serde(rename = "reason", default)] + pub reason: JsonRiskAcceptReason, + #[serde(rename = "status")] + pub status: String, + #[serde(rename = "updatedAt")] + pub updated_at: DateTime, +} + +#[derive(Debug, Deserialize, Default, Clone)] +pub(super) enum JsonRiskAcceptReason { + RiskOwned, + RiskTransferred, + RiskAvoided, + RiskMitigated, + RiskNotRelevant, + Custom, + #[default] + Unknown, +} + +impl From for AcceptedRiskReason { + fn from(value: JsonRiskAcceptReason) -> Self { + match value { + JsonRiskAcceptReason::RiskOwned => Self::RiskOwned, + JsonRiskAcceptReason::RiskTransferred => Self::RiskTransferred, + JsonRiskAcceptReason::RiskAvoided => Self::RiskAvoided, + JsonRiskAcceptReason::RiskMitigated => Self::RiskMitigated, + JsonRiskAcceptReason::RiskNotRelevant => Self::RiskNotRelevant, + JsonRiskAcceptReason::Custom => Self::Custom, + JsonRiskAcceptReason::Unknown => Self::Unknown, + } + } +} +#[derive(Debug, Deserialize)] +pub(super) struct JsonRule { + #[serde(rename = "description")] + pub description: String, + #[serde(rename = "evaluationResult", default)] + pub evaluation_result: String, + #[serde(rename = "failureType")] + pub failure_type: String, + #[serde(rename = "failures", default)] + pub failures: Option>, + #[serde(rename = "ruleId", default)] + pub rule_id: String, + #[serde(rename = "ruleType")] + pub rule_type: String, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonFailure { + #[serde(rename = "remediation", default)] + pub remediation: String, + #[serde(rename = "packageRef", default)] + pub package_ref: String, + #[serde(rename = "vulnerabilityRef", default)] + pub vulnerability_ref: String, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonResult { + #[serde(rename = "assetType")] + pub asset_type: String, + #[serde(rename = "layers", default)] + pub layers: HashMap, + #[serde(rename = "metadata")] + pub metadata: JsonMetadata, + #[serde(rename = "packages", default)] + pub packages: HashMap, + #[serde(rename = "policies", default)] + pub policies: JsonPolicies, + #[serde(rename = "producer", default)] + pub producer: JsonProducer, + #[serde(rename = "riskAccepts", default)] + pub risk_accepts: HashMap, + #[serde(rename = "stage")] + pub stage: String, + #[serde(rename = "vulnerabilities", default)] + pub vulnerabilities: HashMap, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonMetadata { + #[serde(rename = "architecture")] + pub architecture: String, + #[serde(rename = "author")] + pub author: String, + #[serde(rename = "baseOs")] + pub base_os: String, + #[serde(rename = "createdAt")] + pub created_at: DateTime, + #[serde(rename = "digest", default)] + pub digest: Option, + #[serde(rename = "imageId")] + pub image_id: String, + #[serde(rename = "labels", default)] + pub labels: HashMap, + #[serde(rename = "os")] + pub os: String, + #[serde(rename = "pullString")] + pub pull_string: String, + #[serde(rename = "size")] + pub size: u64, +} + +#[derive(Debug, Deserialize)] +pub(super) struct JsonVulnerability { + #[serde(rename = "cvssScore")] + pub cvss_score: JsonCvssScore, + #[serde(rename = "disclosureDate", default)] + pub disclosure_date: NaiveDate, + #[serde(rename = "exploitable")] + pub exploitable: bool, + #[serde(rename = "fixVersion", default)] + pub fix_version: Option, + #[serde(rename = "mainProvider", default)] + pub main_provider: String, + #[serde(rename = "name")] + pub name: String, + #[serde(rename = "packageRef", default)] + pub package_ref: String, + #[serde(rename = "riskAcceptRefs", default)] + pub risk_accept_refs: Option>, + #[serde(rename = "severity")] + pub severity: JsonSeverity, + #[serde(rename = "solutionDate", default)] + pub solution_date: Option, +} diff --git a/src/infra/sysdig_image_scanner_result.rs b/src/infra/sysdig_image_scanner_result.rs deleted file mode 100644 index 57e052a..0000000 --- a/src/infra/sysdig_image_scanner_result.rs +++ /dev/null @@ -1,588 +0,0 @@ -#![allow(dead_code)] - -use chrono::{DateTime, NaiveDate, Utc}; -use itertools::Itertools; -use serde::Deserialize; -use std::collections::HashMap; - -use crate::app::{self, ImageScanResult, LayerScanResult, VulnerabilityEntry}; - -impl From for ImageScanResult { - fn from(report: SysdigImageScannerReport) -> Self { - let vulnerabilities = report - .result - .as_ref() - .and_then(|r| r.vulnerabilities.as_ref()) - .map(|map| { - map.values() - .map(|v| VulnerabilityEntry { - id: v.name.clone(), - severity: severity_for(&v.severity), - }) - .collect::>() - }) - .unwrap_or_default(); - - let is_compliant = report - .result - .as_ref() - .and_then(|r| r.policies.as_ref()) - .and_then(|p| p.global_evaluation.as_ref()) - .map(|e| e == &PoliciesGlobalEvaluation::Accepted) - .unwrap_or(false); - - let scan_result_response = report.result.as_ref().expect("the report must always have a scan result response, this one didn't, which should never happen"); - let layers = layers_for_result(scan_result_response); - - ImageScanResult { - vulnerabilities, - is_compliant, - layers: layers.unwrap_or_default(), - } - } -} - -fn layers_for_result(scan: &ScanResultResponse) -> Option> { - let mut layer_map: HashMap<&String, Vec> = HashMap::new(); - - for vuln in scan.vulnerabilities.as_ref()?.values() { - let Some(package_ref) = vuln.package_ref.as_ref() else { - continue; - }; - - let Some(package) = scan.packages.get(package_ref) else { - continue; - }; - - let Some(layer_ref) = package.layer_ref.as_ref() else { - continue; - }; - - layer_map - .entry(layer_ref) - .or_default() - .push(VulnerabilityEntry { - id: vuln.name.clone(), - severity: severity_for(&vuln.severity), - }); - } - - let layers_in_scan = scan.layers.as_ref()?.values(); - - let layers_ordered = layers_in_scan.sorted_by(|left, right| left.index.cmp(&right.index)); - - let layers_converted_to_layer_scan_result = layers_ordered.map(|layer| { - let entries = layer_map.get(&layer.digest).cloned().unwrap_or_default(); - LayerScanResult { - layer_instruction: layer - .command - .as_deref() - .unwrap_or_default() - .strip_prefix("/bin/sh -c #(nop) ") - .unwrap_or_default() - .split_whitespace() - .next() - .unwrap_or_default() - .to_uppercase(), - layer_text: layer.command.clone().unwrap_or_default(), - vulnerabilities: entries, - } - }); - - Some(layers_converted_to_layer_scan_result.collect()) -} - -fn severity_for(sev: &VulnSeverity) -> app::VulnSeverity { - match sev { - VulnSeverity::Critical => app::VulnSeverity::Critical, - VulnSeverity::High => app::VulnSeverity::High, - VulnSeverity::Medium => app::VulnSeverity::Medium, - VulnSeverity::Low => app::VulnSeverity::Low, - VulnSeverity::Negligible => app::VulnSeverity::Negligible, - } -} - -#[derive(Debug, Deserialize)] -pub(super) struct SysdigImageScannerReport { - pub info: Option, - pub scanner: Option, - pub result: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Scanner { - pub name: String, - pub version: String, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Info { - #[serde(rename = "scanTime")] - pub scan_time: DateTime, - #[serde(rename = "scanDuration")] - pub scan_duration: String, - #[serde(rename = "resultUrl", default)] - pub result_url: Option, - #[serde(rename = "resultId", default)] - pub result_id: Option, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum BundleType { - Custom, - Predefined, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum ContextType { - HostAssetToken, - HostName, - ImageAssetToken, - ImageName, - ImagePrefix, - ImageSuffix, - PackageName, - PackageVersion, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum ImageMetadataArchitecture { - Amd64, - Arm, - Arm64, - Loong64, - Mips, - Mips64, - Mips64le, - Mipsle, - N386, - Ppc64, - Ppc64le, - Riscv64, - S390x, - Wasm, -} - -#[derive(Debug, Deserialize, PartialEq, Eq)] -#[serde(rename_all = "camelCase")] -pub enum PoliciesGlobalEvaluation { - Accepted, - Failed, - NoPolicy, - Passed, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum PolicyEvaluationEvaluation { - Accepted, - Failed, - NoPolicy, - Passed, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum PolicyEvaluationResult { - Accepted, - Failed, - NoPolicy, - NotApplicable, - Passed, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum RiskAcceptanceDefinitionStatus { - Active, - Expired, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum RuleEvaluationResult { - Accepted, - Failed, - NotApplicable, - Passed, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum RuleFailureType { - ImageConfigFailure, - PkgVulnFailure, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum ScanResultResponseAssetType { - ContainerImage, - Host, -} - -#[derive(Debug, Deserialize)] -#[serde(rename_all = "camelCase")] -pub enum ScanResultResponseStage { - Pipeline, - Registry, - Runtime, -} - -#[derive(Debug, Deserialize, PartialEq, Eq, Hash)] -#[serde(rename_all = "camelCase")] -pub enum VulnSeverity { - Critical, - High, - Low, - Medium, - Negligible, -} - -pub type CreatedAt = String; -pub type UpdatedAt = String; -pub type Cursor = String; - -#[derive(Debug, Deserialize)] -pub(super) struct BaseImage { - #[serde(rename = "pullStrings", default)] - pub pull_strings: Option>, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Bundle { - #[serde(rename = "identifier", default)] - pub identifier: Option, - #[serde(rename = "name", default)] - pub name: Option, - #[serde(rename = "rules", default)] - pub rules: Option>, - // “type” is a reserved word in Rust, so we need to rename it here. - #[serde(rename = "type", default)] - pub type_: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Context { - #[serde(rename = "type")] - pub type_: ContextType, - #[serde(rename = "value")] - pub value: String, -} - -#[derive(Debug, Deserialize)] -pub(super) struct CvssScore { - pub score: f32, - #[serde(default)] - pub vector: Option, - pub version: String, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Error { - #[serde(rename = "details", default)] - pub details: Option>, - #[serde(rename = "message", default)] - pub message: Option, - #[serde(rename = "type", default)] - pub type_: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Exploit { - pub links: Vec, - #[serde(rename = "publicationDate", default)] - pub publication_date: Option>, -} - -#[derive(Debug, Deserialize)] -pub(super) struct HostMetadata { - #[serde(rename = "architecture", default)] - pub architecture: Option, - #[serde(rename = "hostId", default)] - pub host_id: Option, - #[serde(rename = "hostName", default)] - pub host_name: Option, - #[serde(rename = "os")] - pub os: String, -} - -#[derive(Debug, Deserialize)] -pub(super) struct ImageConfigFailure { - pub arguments: HashMap, - #[serde(rename = "description", default)] - pub description: Option, - #[serde(rename = "packageRef", default)] - pub package_ref: Option, - pub remediation: String, - #[serde(rename = "riskAcceptRefs", default)] - pub risk_accept_refs: Option>, - #[serde(rename = "vulnerabilityRef", default)] - pub vulnerability_ref: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct ImageMetadata { - #[serde(rename = "architecture", default)] - pub architecture: Option, - #[serde(rename = "author", default)] - pub author: Option, - #[serde(rename = "baseOs")] - pub base_os: String, - #[serde(rename = "createdAt")] - pub created_at: CreatedAt, - #[serde(rename = "digest", default)] - pub digest: Option, - #[serde(rename = "imageId")] - pub image_id: String, - #[serde(rename = "labels", default)] - pub labels: Option>, - #[serde(rename = "os")] - pub os: String, - #[serde(rename = "pullString")] - pub pull_string: String, - #[serde(rename = "size")] - pub size: i64, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Layer { - #[serde(rename = "baseImagesRef", default)] - pub base_images_ref: Option>, - #[serde(rename = "command", default)] - pub command: Option, - #[serde(rename = "digest")] - pub digest: String, - #[serde(rename = "index", default)] - pub index: Option, - #[serde(rename = "size", default)] - pub size: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Package { - #[serde(rename = "isRemoved", default)] - pub is_removed: Option, - #[serde(rename = "isRunning", default)] - pub is_running: Option, - #[serde(rename = "layerRef", default)] - pub layer_ref: Option, - #[serde(rename = "license", default)] - pub license: Option, - #[serde(rename = "name")] - pub name: String, - #[serde(rename = "path", default)] - pub path: Option, - #[serde(rename = "suggestedFix", default)] - pub suggested_fix: Option, - #[serde(rename = "type")] - pub package_type: String, - #[serde(rename = "version")] - pub version: String, - #[serde(rename = "vulnerabilitiesRefs", default)] - pub vulnerabilities_refs: Option>, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Page { - #[serde(rename = "next", default)] - pub next: Option, - #[serde(rename = "total", default)] - pub total: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct PipelineResult { - #[serde(rename = "createdAt", default)] - pub created_at: Option, - #[serde(rename = "imageId", default)] - pub image_id: Option, - #[serde(rename = "policyEvaluationResult", default)] - pub policy_evaluation_result: Option, - #[serde(rename = "pullString", default)] - pub pull_string: Option, - #[serde(rename = "resultId", default)] - pub result_id: Option, - #[serde(rename = "vulnTotalBySeverity", default)] - pub vuln_total_by_severity: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct PkgVulnFailure { - pub description: String, - #[serde(rename = "packageRef", default)] - pub package_ref: Option, - #[serde(rename = "riskAcceptRefs", default)] - pub risk_accept_refs: Option>, - #[serde(rename = "vulnerabilityRef", default)] - pub vulnerability_ref: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Policies { - #[serde(rename = "evaluations", default)] - pub evaluations: Option>, - #[serde(rename = "globalEvaluation", default)] - pub global_evaluation: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct PolicyEvaluation { - #[serde(rename = "bundles", default)] - pub bundles: Option>, - #[serde(rename = "createdAt")] - pub created_at: CreatedAt, - #[serde(rename = "description", default)] - pub description: Option, - #[serde(rename = "evaluation")] - pub evaluation: PolicyEvaluationEvaluation, - #[serde(rename = "identifier")] - pub identifier: String, - #[serde(rename = "name")] - pub name: String, - #[serde(rename = "updatedAt")] - pub updated_at: UpdatedAt, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Predicate { - #[serde(rename = "extra", default)] - pub extra: Option>, - #[serde(rename = "type", default)] - pub type_: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Producer { - #[serde(rename = "producedAt", default)] - pub produced_at: Option>, -} - -#[derive(Debug, Deserialize)] -pub(super) struct RiskAcceptanceDefinition { - pub context: Vec, - #[serde(rename = "createdAt")] - pub created_at: CreatedAt, - #[serde(rename = "description", default)] - pub description: Option, - #[serde(rename = "entityType")] - pub entity_type: String, - #[serde(rename = "entityValue")] - pub entity_value: String, - #[serde(rename = "expirationDate", default)] - pub expiration_date: Option, - #[serde(rename = "id")] - pub id: String, - #[serde(rename = "reason", default)] - pub reason: Option, - #[serde(rename = "status")] - pub status: RiskAcceptanceDefinitionStatus, - #[serde(rename = "updatedAt")] - pub updated_at: UpdatedAt, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Rule { - #[serde(rename = "description")] - pub description: String, - #[serde(rename = "evaluationResult", default)] - pub evaluation_result: Option, - #[serde(rename = "failureType")] - pub failure_type: RuleFailureType, - #[serde(rename = "failures", default)] - pub failures: Option>, - #[serde(rename = "predicates", default)] - pub predicates: Option>, - #[serde(rename = "ruleId", default)] - pub rule_id: Option, - #[serde(rename = "ruleType")] - pub rule_type: String, -} - -#[derive(Debug, Deserialize)] -pub(super) struct ScanResultResponse { - #[serde(rename = "assetType")] - pub asset_type: ScanResultResponseAssetType, - #[serde(rename = "baseImages")] - pub base_images: Option>, - #[serde(rename = "layers", default)] - pub layers: Option>, - #[serde(rename = "metadata")] - pub metadata: serde_json::Value, - #[serde(rename = "packages")] - pub packages: HashMap, - #[serde(rename = "policies", default)] - pub policies: Option, - #[serde(rename = "producer", default)] - pub producer: Option, - #[serde(rename = "riskAccepts", default)] - pub risk_accepts: Option>, - #[serde(rename = "stage")] - pub stage: ScanResultResponseStage, - #[serde(rename = "vulnerabilities", default)] - pub vulnerabilities: Option>, -} - -#[derive(Debug, Deserialize)] -pub(super) struct Vuln { - #[serde(rename = "cisaKev", default)] - pub cisa_kev: Option>, - #[serde(rename = "cvssScore")] - pub cvss_score: CvssScore, - #[serde(rename = "disclosureDate", default)] - pub disclosure_date: Option, - #[serde(rename = "exploit", default)] - pub exploit: Option, - #[serde(rename = "exploitable")] - pub exploitable: bool, - #[serde(rename = "fixVersion", default)] - pub fix_version: Option, - #[serde(rename = "mainProvider", default)] - pub main_provider: Option, - #[serde(rename = "name")] - pub name: String, - #[serde(rename = "packageRef", default)] - pub package_ref: Option, - #[serde(rename = "providersMetadata")] - pub providers_metadata: HashMap, - #[serde(rename = "riskAcceptRefs")] - pub risk_accept_refs: Option>, - #[serde(rename = "severity")] - pub severity: VulnSeverity, - #[serde(rename = "solutionDate", default)] - pub solution_date: Option, -} - -#[derive(Debug, Deserialize)] -pub(super) struct VulnTotalBySeverity { - #[serde(rename = "critical", default)] - pub critical: Option, - #[serde(rename = "high", default)] - pub high: Option, - #[serde(rename = "low", default)] - pub low: Option, - #[serde(rename = "medium", default)] - pub medium: Option, - #[serde(rename = "negligible", default)] - pub negligible: Option, -} - -pub type BadRequest = Error; -pub type Conflict = Error; -pub type Forbidden = Error; -pub type InternalServerError = Error; -pub type TooManyRequests = Error; -pub type Unauthorized = Error; - -#[derive(Debug, Deserialize)] -pub(super) struct GetSecureVulnerabilityV1PipelineResultsParams { - #[serde(rename = "cursor", default)] - pub cursor: Option, - #[serde(rename = "limit", default)] - pub limit: Option, - #[serde(rename = "filter", default)] - pub filter: Option, -} From e44c496ef11f684354f4890c5e64d8c3c7b2bfa9 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 30 Sep 2025 18:08:42 +0200 Subject: [PATCH 3/4] ci: add tests with postgres:13 --- src/app/commands.rs | 99 +- src/infra/sysdig_image_scanner.rs | 2 +- ...ysdig_image_scanner_json_scan_result_v1.rs | 97 +- tests/fixtures/scan-results/postgres_13.json | 9083 +++++++++++++++++ 4 files changed, 9186 insertions(+), 95 deletions(-) create mode 100644 tests/fixtures/scan-results/postgres_13.json diff --git a/src/app/commands.rs b/src/app/commands.rs index be352b7..38dae06 100644 --- a/src/app/commands.rs +++ b/src/app/commands.rs @@ -104,34 +104,18 @@ where }; if !scan_result.vulnerabilities().is_empty() { + let vulns = scan_result + .vulnerabilities() + .iter() + .counts_by(|v| v.severity()); diagnostic.message = format!( "Vulnerabilities found for {}: {} Critical, {} High, {} Medium, {} Low, {} Negligible", image_name, - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Critical) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::High) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Medium) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Low) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Negligible) }) - .count(), + vulns.get(&Severity::Critical).unwrap_or(&0_usize), + vulns.get(&Severity::High).unwrap_or(&0_usize), + vulns.get(&Severity::Medium).unwrap_or(&0_usize), + vulns.get(&Severity::Low).unwrap_or(&0_usize), + vulns.get(&Severity::Negligible).unwrap_or(&0_usize), ); diagnostic.severity = Some(if scan_result.evaluation_result().is_passed() { @@ -245,33 +229,14 @@ pub fn diagnostics_for_layers( layer_idx = layer_idx.and_then(|x| x.checked_sub(1)); if !layer.vulnerabilities().is_empty() { + let vulns = layer.vulnerabilities().iter().counts_by(|v| v.severity()); let msg = format!( "Vulnerabilities found in layer: {} Critical, {} High, {} Medium, {} Low, {} Negligible", - layer - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Critical) }) - .count(), - layer - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::High) }) - .count(), - layer - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Medium) }) - .count(), - layer - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Low) }) - .count(), - layer - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Negligible) }) - .count(), + vulns.get(&Severity::Critical).unwrap_or(&0_usize), + vulns.get(&Severity::High).unwrap_or(&0_usize), + vulns.get(&Severity::Medium).unwrap_or(&0_usize), + vulns.get(&Severity::Low).unwrap_or(&0_usize), + vulns.get(&Severity::Negligible).unwrap_or(&0_usize), ); let diagnostic = Diagnostic { range: instr.range, @@ -339,33 +304,17 @@ fn diagnostic_for_image(line: u32, document_text: &str, scan_result: &ScanResult }; if !scan_result.vulnerabilities().is_empty() { + let vulns = scan_result + .vulnerabilities() + .iter() + .counts_by(|v| v.severity()); diagnostic.message = format!( "Total vulnerabilities found: {} Critical, {} High, {} Medium, {} Low, {} Negligible", - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Critical) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::High) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Medium) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Low) }) - .count(), - scan_result - .vulnerabilities() - .iter() - .filter(|v| { matches!(v.severity(), Severity::Negligible) }) - .count(), + vulns.get(&Severity::Critical).unwrap_or(&0_usize), + vulns.get(&Severity::High).unwrap_or(&0_usize), + vulns.get(&Severity::Medium).unwrap_or(&0_usize), + vulns.get(&Severity::Low).unwrap_or(&0_usize), + vulns.get(&Severity::Negligible).unwrap_or(&0_usize), ); diagnostic.severity = Some(if scan_result.evaluation_result().is_passed() { diff --git a/src/infra/sysdig_image_scanner.rs b/src/infra/sysdig_image_scanner.rs index 5363fb3..fb3329d 100644 --- a/src/infra/sysdig_image_scanner.rs +++ b/src/infra/sysdig_image_scanner.rs @@ -124,7 +124,7 @@ impl SysdigImageScanner { impl ImageScanner for SysdigImageScanner { async fn scan_image(&self, image_pull_string: &str) -> Result { let scan = self.scan(image_pull_string).await?; - Ok(ScanResult::from(&scan)) + Ok(ScanResult::from(scan)) } } diff --git a/src/infra/sysdig_image_scanner_json_scan_result_v1.rs b/src/infra/sysdig_image_scanner_json_scan_result_v1.rs index 744f4e3..f08c312 100644 --- a/src/infra/sysdig_image_scanner_json_scan_result_v1.rs +++ b/src/infra/sysdig_image_scanner_json_scan_result_v1.rs @@ -15,8 +15,8 @@ use crate::domain::scanresult::{ severity::Severity, }; -impl From<&JsonScanResultV1> for ScanResult { - fn from(report: &JsonScanResultV1) -> Self { +impl From for ScanResult { + fn from(report: JsonScanResultV1) -> Self { let mut scan_result = ScanResult::from(&report.result.metadata); add_layers(&report.result, &mut scan_result); @@ -225,20 +225,20 @@ fn arch_from_str(string: &str) -> Architecture { } } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonScanResultV1 { pub info: JsonInfo, pub scanner: JsonScanner, pub result: JsonResult, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonScanner { pub name: String, pub version: String, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonInfo { #[serde(rename = "scanTime")] pub scan_time: DateTime, @@ -283,7 +283,7 @@ pub enum ImageMetadataArchitecture { } #[derive(Debug, Deserialize, PartialEq, Eq, Hash, Clone)] -#[serde(rename_all = "camelCase")] +#[serde(rename_all = "lowercase")] pub enum JsonSeverity { Critical, High, @@ -304,7 +304,7 @@ impl From for Severity { } } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonBundle { #[serde(rename = "identifier", default)] pub identifier: String, @@ -316,7 +316,7 @@ pub(super) struct JsonBundle { pub bundle_type: String, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonCvssScore { pub score: f32, #[serde(default)] // FIXME(fede): test this @@ -324,7 +324,7 @@ pub(super) struct JsonCvssScore { pub version: String, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonLayer { #[serde(rename = "command", default)] pub command: Option, @@ -336,7 +336,7 @@ pub(super) struct JsonLayer { pub size: Option, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonPackage { #[serde(rename = "isRemoved", default)] pub is_removed: bool, @@ -400,7 +400,7 @@ impl From for PackageType { } } -#[derive(Debug, Deserialize, Default)] +#[derive(Debug, Deserialize, Default, Clone)] pub(super) struct JsonPolicies { #[serde(rename = "globalEvaluation", default)] pub global_evaluation: String, @@ -408,7 +408,7 @@ pub(super) struct JsonPolicies { pub evaluations: Option>, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonPolicy { #[serde(rename = "bundles", default)] pub bundles: Option>, @@ -426,13 +426,13 @@ pub(super) struct JsonPolicy { pub updated_at: DateTime, } -#[derive(Debug, Deserialize, Default)] +#[derive(Debug, Deserialize, Default, Clone)] pub(super) struct JsonProducer { #[serde(rename = "producedAt", default)] pub produced_at: DateTime, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonRiskAccept { #[serde(rename = "createdAt")] pub created_at: DateTime, @@ -479,7 +479,7 @@ impl From for AcceptedRiskReason { } } } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonRule { #[serde(rename = "description")] pub description: String, @@ -495,7 +495,7 @@ pub(super) struct JsonRule { pub rule_type: String, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonFailure { #[serde(rename = "remediation", default)] pub remediation: String, @@ -505,7 +505,7 @@ pub(super) struct JsonFailure { pub vulnerability_ref: String, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonResult { #[serde(rename = "assetType")] pub asset_type: String, @@ -527,7 +527,7 @@ pub(super) struct JsonResult { pub vulnerabilities: HashMap, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonMetadata { #[serde(rename = "architecture")] pub architecture: String, @@ -551,7 +551,7 @@ pub(super) struct JsonMetadata { pub size: u64, } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub(super) struct JsonVulnerability { #[serde(rename = "cvssScore")] pub cvss_score: JsonCvssScore, @@ -574,3 +574,62 @@ pub(super) struct JsonVulnerability { #[serde(rename = "solutionDate", default)] pub solution_date: Option, } + +#[cfg(test)] +mod tests { + use crate::{ + domain::scanresult::{scan_result::ScanResult, severity::Severity}, + infra::sysdig_image_scanner_json_scan_result_v1::JsonScanResultV1, + }; + + #[test] + fn it_loads_postgres13() { + let postgres_13_json = include_bytes!("../../tests/fixtures/scan-results/postgres_13.json"); + let json_scan_result: JsonScanResultV1 = serde_json::from_slice(postgres_13_json).unwrap(); + + let scan_result: ScanResult = json_scan_result.clone().into(); + + assert_eq!(json_scan_result.result.vulnerabilities.len(), 100); + assert_eq!( + scan_result + .vulnerabilities() + .iter() + .filter(|v| v.severity() == Severity::Critical) + .count(), + 2 + ); + assert_eq!( + scan_result + .vulnerabilities() + .iter() + .filter(|v| v.severity() == Severity::High) + .count(), + 3 + ); + assert_eq!( + scan_result + .vulnerabilities() + .iter() + .filter(|v| v.severity() == Severity::Medium) + .count(), + 1 + ); + assert_eq!( + scan_result + .vulnerabilities() + .iter() + .filter(|v| v.severity() == Severity::Low) + .count(), + 2 + ); + assert_eq!( + scan_result + .vulnerabilities() + .iter() + .filter(|v| v.severity() == Severity::Negligible) + .count(), + 32 + ); + // assert_eq!(scan_result.vulnerabilities().len(), 97); + } +} diff --git a/tests/fixtures/scan-results/postgres_13.json b/tests/fixtures/scan-results/postgres_13.json new file mode 100644 index 0000000..363b022 --- /dev/null +++ b/tests/fixtures/scan-results/postgres_13.json @@ -0,0 +1,9083 @@ +{ + "info": { + "scanTime": "2025-09-30T18:05:33.318466678+02:00", + "scanDuration": "10.413926974s" + }, + "scanner": { + "name": "sysdig-cli-scanner", + "version": "1.22.6" + }, + "result": { + "assetType": "containerImage", + "baseImages": {}, + "layers": { + "08d104126c2bef07": { + "command": "RUN /bin/sh -c mkdir /docker-entrypoint-initdb.d # buildkit", + "digest": "sha256:04d52f0a5b32b0f627bbd4427a0374f0a8d2d409dbbfda0099d89b87c774df36", + "index": 8, + "size": 1536 + }, + "16b1334e5e106095": { + "command": "CMD [\"postgres\"]", + "digest": "", + "index": 24, + "size": null + }, + "21de8b434e1f6a54": { + "command": "RUN /bin/sh -c set -eux; \tgroupadd -r postgres --gid=999; \tuseradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \tinstall --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # buildkit", + "digest": "sha256:a9b74bbbba249d0a370c711687340045a284abfa6e24f89c9d3c5a9be2de1aff", + "index": 1, + "size": 12288 + }, + "4241419ad399279c": { + "command": "ENV GOSU_VERSION=1.19", + "digest": "", + "index": 3, + "size": null + }, + "50afb053e344b003": { + "command": "RUN /bin/sh -c set -eux; \tdpkg-divert --add --rename --divert \"/usr/share/postgresql/postgresql.conf.sample.dpkg\" \"/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample\"; \tcp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \tln -sv ../postgresql.conf.sample \"/usr/share/postgresql/$PG_MAJOR/\"; \tsed -ri \"s!^#?(listen_addresses)\\s*=\\s*\\S+.*!\\1 = '*'!\" /usr/share/postgresql/postgresql.conf.sample; \tgrep -F \"listen_addresses = '*'\" /usr/share/postgresql/postgresql.conf.sample # buildkit", + "digest": "sha256:d44c6a39459c96a41e4d1c89b62b320c8e841001035335cbdc5ab5b7da7f82be", + "index": 14, + "size": 65536 + }, + "54eba2b14cb47462": { + "command": "COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ # buildkit", + "digest": "sha256:8a862d07f237fe4edd74310e99a6d69d76b241933f1450bf9339d65a3ec3ad69", + "index": 19, + "size": 20480 + }, + "570de6e1fec4d37e": { + "command": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tlibnss-wrapper \t\txz-utils \t\tzstd \t; \trm -rf /var/lib/apt/lists/* # buildkit", + "digest": "sha256:dad63314a339ae2200d0a62a6aa54f17f5dac2769bc82d482870e8fd50c99334", + "index": 7, + "size": 3480576 + }, + "6e74c36088c00d42": { + "command": "RUN /bin/sh -c set -ex; \tkey='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \texport GNUPGHOME=\"$(mktemp -d)\"; \tmkdir -p /usr/local/share/keyrings/; \tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tgpg --batch --export --armor \"$key\" \u003e /usr/local/share/keyrings/postgres.gpg.asc; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" # buildkit", + "digest": "sha256:ca7f2e5210d61f5c629aef27c6707a26ce04f1688b4d3e2fad36a50b2de346ff", + "index": 9, + "size": 7680 + }, + "702abede00c4d717": { + "command": "RUN /bin/sh -c install --verbose --directory --owner postgres --group postgres --mode 1777 \"$PGDATA\" # buildkit", + "digest": "sha256:165c98f7e69be68ebf608c15ce8261caa50106a1fa26a6fdd9ccda5338fbf1c7", + "index": 17, + "size": 3072 + }, + "74be1f9e2af2da58": { + "command": "# debian.sh --arch 'amd64' out/ 'trixie' '@1759104000'", + "digest": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447", + "index": 0, + "size": 81036288 + }, + "768837ca9e98862a": { + "command": "RUN /bin/sh -c set -ex; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tgnupg \t\tless \t; \trm -rf /var/lib/apt/lists/* # buildkit", + "digest": "sha256:af76e12aa831a3a89bd606289fdb9aa7b0f0e468acbe1216eee438865b4955eb", + "index": 2, + "size": 16125440 + }, + "78f8eadc30014501": { + "command": "VOLUME [/var/lib/postgresql/data]", + "digest": "", + "index": 18, + "size": null + }, + "803b83ea60f3f63d": { + "command": "RUN /bin/sh -c install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql # buildkit", + "digest": "sha256:1ec74d0a02a7eb8da0f2651d5ae74d35644f662811f860784e3a454aa71f7c60", + "index": 15, + "size": 2048 + }, + "80c2a358282b58c1": { + "command": "RUN /bin/sh -c set -eux; \tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends ca-certificates wget; \trm -rf /var/lib/apt/lists/*; \tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \twget -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \twget -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \texport GNUPGHOME=\"$(mktemp -d)\"; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark \u003e /dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tchmod +x /usr/local/bin/gosu; \tgosu --version; \tgosu nobody true # buildkit", + "digest": "sha256:01e8a18dc9b2e9d81cb2ec31a00d4e4a210382fde795d988367e462d7965d7c4", + "index": 4, + "size": 3649024 + }, + "8289b8a57dcaae35": { + "command": "RUN /bin/sh -c ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh # buildkit", + "digest": "sha256:652ca06ded6e600cfb0ffbde7d805b51b5722e3696f4c98fff942e6240fc0591", + "index": 20, + "size": 3072 + }, + "8c309970ab280beb": { + "command": "EXPOSE map[5432/tcp:{}]", + "digest": "", + "index": 23, + "size": null + }, + "950453ae013fcb84": { + "command": "ENTRYPOINT [\"docker-entrypoint.sh\"]", + "digest": "", + "index": 21, + "size": null + }, + "96d76d6e42cc5247": { + "command": "STOPSIGNAL SIGINT", + "digest": "", + "index": 22, + "size": null + }, + "9901b8cfbd1769d2": { + "command": "ENV PGDATA=/var/lib/postgresql/data", + "digest": "", + "index": 16, + "size": null + }, + "b08bb40a41139393": { + "command": "ENV PG_MAJOR=13", + "digest": "", + "index": 10, + "size": null + }, + "b091b70f8c607940": { + "command": "RUN /bin/sh -c set -eux; \tif [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \t\tgrep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \t\tsed -ri '/\\/usr\\/share\\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \t\t! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \tfi; \tapt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \techo 'en_US.UTF-8 UTF-8' \u003e\u003e /etc/locale.gen; \tlocale-gen; \tlocale -a | grep 'en_US.utf8' # buildkit", + "digest": "sha256:60587f31ccd4bc683f744f53b44b0ea1321cd59e15fa6c09c7cf12dfdfcac8f6", + "index": 5, + "size": 26179072 + }, + "bdf63e2463dd8cd4": { + "command": "RUN /bin/sh -c set -ex; \t\texport PYTHONDONTWRITEBYTECODE=1; \t\tdpkgArch=\"$(dpkg --print-architecture)\"; \taptRepo=\"[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt trixie-pgdg main $PG_MAJOR\"; \tcase \"$dpkgArch\" in \t\tamd64 | arm64 | ppc64el) \t\t\techo \"deb $aptRepo\" \u003e /etc/apt/sources.list.d/pgdg.list; \t\t\tapt-get update; \t\t\t;; \t\t*) \t\t\techo \"deb-src $aptRepo\" \u003e /etc/apt/sources.list.d/pgdg.list; \t\t\t\t\t\tsavedAptMark=\"$(apt-mark showmanual)\"; \t\t\t\t\t\ttempDir=\"$(mktemp -d)\"; \t\t\tcd \"$tempDir\"; \t\t\t\t\t\tapt-get update; \t\t\tapt-get install -y --no-install-recommends dpkg-dev; \t\t\techo \"deb [ trusted=yes ] file://$tempDir ./\" \u003e /etc/apt/sources.list.d/temp.list; \t\t\t_update_repo() { \t\t\t\tdpkg-scanpackages . \u003e Packages; \t\t\t\tapt-get -o Acquire::GzipIndexes=false update; \t\t\t}; \t\t\t_update_repo; \t\t\t\t\t\tnproc=\"$(nproc)\"; \t\t\texport DEB_BUILD_OPTIONS=\"nocheck parallel=$nproc\"; \t\t\tapt-get build-dep -y postgresql-common-dev; \t\t\tapt-get source --compile postgresql-common-dev; \t\t\t_update_repo; \t\t\tDEBIAN_FRONTEND=noninteractive \t\t\tapt-get build-dep -y \"postgresql-$PG_MAJOR=$PG_VERSION\"; \t\t\tapt-get source --compile \"postgresql-$PG_MAJOR=$PG_VERSION\"; \t\t\t\t\t\t\t\t\tapt-mark showmanual | xargs apt-mark auto \u003e /dev/null; \t\t\tapt-mark manual $savedAptMark; \t\t\t\t\t\tls -lAFh; \t\t\t_update_repo; \t\t\tgrep '^Package: ' Packages; \t\t\tcd /; \t\t\t;; \tesac; \t\tapt-get install -y --no-install-recommends postgresql-common; \tsed -ri 's/#(create_main_cluster) .*$/\\1 = false/' /etc/postgresql-common/createcluster.conf; \tapt-get install -y --no-install-recommends \t\t\"postgresql-$PG_MAJOR=$PG_VERSION\" \t; \t\trm -rf /var/lib/apt/lists/*; \t\tif [ -n \"$tempDir\" ]; then \t\tapt-get purge -y --auto-remove; \t\trm -rf \"$tempDir\" /etc/apt/sources.list.d/temp.list; \tfi; \t\tfind /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S \"$pyc\" \u0026\u003e /dev/null || rm -vf \"$pyc\"; done' -- '{}' +; \t\tpostgres --version # buildkit", + "digest": "sha256:53b727d264e99f47eee04e441d3a95687f41c02e0a1c40831af93ac3352e1741", + "index": 13, + "size": 314600448 + }, + "e64b90f15ece9361": { + "command": "ENV PG_VERSION=13.22-1.pgdg13+1", + "digest": "", + "index": 12, + "size": null + }, + "e886570c909f12d7": { + "command": "ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/postgresql/13/bin", + "digest": "", + "index": 11, + "size": null + }, + "fb3e7d3e2c6141d7": { + "command": "ENV LANG=en_US.utf8", + "digest": "", + "index": 6, + "size": null + } + }, + "metadata": { + "architecture": "amd64", + "author": "", + "baseOs": "debian 13.1", + "createdAt": "2025-09-23T19:31:05Z", + "digest": "sha256:872f5d331703bad80f6e70b1a29689af3fe34edfb8870b904d1d21cbea121ebd", + "imageId": "sha256:d0fadebcd05d3622f0445b598ab79bacf0bc72a6771732cf06503093273d4a4a", + "os": "linux", + "pullString": "postgres:13", + "size": 445186560 + }, + "packages": { + "061ea139-81fe-4583-a730-b23fce8d7dc1": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.0-or-later", + "name": "sqv", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.3.0-3", + "vulnerabilitiesRefs": null + }, + "06404ba8-9b08-4948-95ca-f180330c4ec6": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "grep", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.11-4", + "vulnerabilitiesRefs": null + }, + "06a6272c-0ee5-4be0-8bd2-a812d2a5ccf9": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "mount", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "c3e3a4cb-d018-4c3e-a37a-64359a839540" + ] + }, + "06d0987c-027a-48bb-bc79-04f4e8c3a179": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause", + "name": "passwd", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.17.4-2", + "vulnerabilitiesRefs": [ + "eb808ff2-b45f-4614-82c7-6e1930f877ab", + "1ddecaaa-b56f-4aac-9337-12c6c70e5ae3" + ] + }, + "06e6c444-0413-4690-ab6e-2f684d6342fb": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libsemanage2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.8.1-1", + "vulnerabilitiesRefs": null + }, + "09e5728e-ed17-45af-ad8c-f2f94e5f7102": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-3+", + "name": "libgdbm-compat4t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.24-2", + "vulnerabilitiesRefs": null + }, + "0a109d23-e40f-4a3f-a076-121e75ab7a57": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "BSD-3-Clause-Attribution", + "name": "libsasl2-2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.1.28+dfsg1-9", + "vulnerabilitiesRefs": null + }, + "12c52b2a-8f6c-4b72-bab7-8b124880f287": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "Artistic or GPL-1+", + "name": "libtext-charwidth-perl", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.04-11+b4", + "vulnerabilitiesRefs": null + }, + "14c06965-a92f-4fe0-93d8-fdbe501fe202": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-1+ or Artistic", + "name": "libperl5.40", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.40.1-6", + "vulnerabilitiesRefs": [ + "fd9a7a3b-992d-4ba2-8e30-91efcf74b91c" + ] + }, + "16da22e7-3057-4610-8f9d-9057de7fb899": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "PostgreSQL", + "name": "postgresql-13", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "13.22-1.pgdg13+1", + "vulnerabilitiesRefs": null + }, + "17292257-67d4-4c07-8d41-e9dc9ba0932b": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-2-Clause", + "name": "libdebconfclient0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.280", + "vulnerabilitiesRefs": null + }, + "17a28133-7862-46ee-ad86-2f8533011242": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "sed", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "4.9-2", + "vulnerabilitiesRefs": null + }, + "1acf41bb-2dc3-47a9-8131-db19c8a08949": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "debianutils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.23.2", + "vulnerabilitiesRefs": null + }, + "1beaf26f-93ff-460c-88a8-08d3c5e7493a": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+ or LGPL-3+", + "name": "libgmp10", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2:6.3.0+dfsg-3", + "vulnerabilitiesRefs": null + }, + "1d246bab-267f-4305-852d-4bc8b9b9195b": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "liblastlog2-2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "4aca8ba3-72eb-4d6a-8ee1-45a794dd2339" + ] + }, + "1dc2b2ad-ad02-450d-8301-2dd6b675a445": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "BSD-3-Clause-Attribution", + "name": "libsasl2-modules-db", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.1.28+dfsg1-9", + "vulnerabilitiesRefs": null + }, + "1e0c78c9-d5cf-4324-bb94-8a3990cdb526": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+ or Less", + "name": "less", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "668-1", + "vulnerabilitiesRefs": null + }, + "1e2df566-57d6-4f58-b83f-be78918ecaff": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libsemanage-common", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.8.1-1", + "vulnerabilitiesRefs": null + }, + "1e54a742-6808-4e2b-baad-c87cb7b8605d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "MIT/X11", + "name": "ncurses-base", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "6.5+20250216-2", + "vulnerabilitiesRefs": [ + "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + ] + }, + "1e98b723-f7ef-4768-8573-e6839cddfecc": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "libk5crypto3", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.21.3-5", + "vulnerabilitiesRefs": [ + "4eed6c04-e81a-44df-9037-8b901dfcd414", + "4e7ad112-5423-49d1-881b-706ac82f98a5", + "b50edb69-c04b-492b-af6c-eb1db603c37d" + ] + }, + "1ebf6ebb-a3f9-46ae-bda6-0a4eed79f4d3": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "PostgreSQL", + "name": "postgresql-client-13", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "13.22-1.pgdg13+1", + "vulnerabilitiesRefs": null + }, + "1f7a1f0c-6818-4d03-a103-6a1f00f9c98c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "public-domain", + "name": "tzdata", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2025b-4+deb13u1", + "vulnerabilitiesRefs": null + }, + "24ab96f2-0e01-44c5-9c66-96c294ea6a89": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "netbase", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "6.5", + "vulnerabilitiesRefs": null + }, + "2666a2aa-450a-4887-89ea-ebdc8a0931da": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libblkid1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "6b3df191-9ca7-4a50-9e4d-eb2e5ace9882" + ] + }, + "27d57e27-c243-47f5-aeea-62165f550e47": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "libreadline8t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "8.2-6", + "vulnerabilitiesRefs": null + }, + "281a8491-5767-424b-ab37-382583010aaa": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "diffutils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:3.10-4", + "vulnerabilitiesRefs": null + }, + "291b6559-ce33-4663-b4c6-a3087e0b9fd0": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-2+", + "name": "adduser", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.152", + "vulnerabilitiesRefs": null + }, + "2a571217-e6c3-4f9a-8f20-6255b303f673": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "BSD-3-clause", + "name": "libp11-kit0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.25.5-3", + "vulnerabilitiesRefs": null + }, + "2bac832a-c8df-4646-89f0-0f3720ac8fe9": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-Clause", + "name": "dash", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.5.12-12", + "vulnerabilitiesRefs": null + }, + "31185887-18fc-4d46-b715-7bc34004c1e2": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL", + "name": "libpam-runtime", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.7.0-5", + "vulnerabilitiesRefs": [ + "385eecc2-341e-474f-b602-d4fb7f326446" + ] + }, + "328fae34-ba4c-45c9-9f92-79d265f820c0": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "base-files", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "13.8+deb13u1", + "vulnerabilitiesRefs": null + }, + "3313a8c9-79f6-4116-b1e0-cf30ac3e3073": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libattr1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:2.5.2-3", + "vulnerabilitiesRefs": null + }, + "356da126-0f0b-4e1a-863b-8e04dd79694d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "libcom-err2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.47.2-3+b3", + "vulnerabilitiesRefs": null + }, + "35f4eefb-1141-4c8b-b766-7109df07aa30": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libcap-ng0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.8.5-4+b1", + "vulnerabilitiesRefs": null + }, + "382b36cc-6c90-44da-8b5a-cadb7a1dff48": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "Artistic or GPL-1+", + "name": "libtext-wrapi18n-perl", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.06-10", + "vulnerabilitiesRefs": null + }, + "3bc64fef-5da9-475b-813f-32d495b75956": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL", + "name": "debian-archive-keyring", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2025.1", + "vulnerabilitiesRefs": null + }, + "3c672767-0090-49b9-8350-cdb477977705": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause", + "name": "libmd0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.1.0-2+b1", + "vulnerabilitiesRefs": null + }, + "3d8a4900-1b0c-4258-bcd6-e42100708978": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libmount1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "4cd8e90a-7042-436e-a8f8-54a81a3d7562" + ] + }, + "3f3da671-46cb-47b3-b154-175d5b8b6845": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "APACHE-2-LLVM-EXCEPTIONS", + "name": "libllvm19", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:19.1.7-3+b1", + "vulnerabilitiesRefs": [ + "92d2dd1b-6296-4600-a78a-9eb5862a19c4" + ] + }, + "3fee61e3-25a1-48c6-91f1-389523bb4c6c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "MIT/X11", + "name": "ncurses-bin", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "6.5+20250216-2", + "vulnerabilitiesRefs": [ + "e714addb-59d7-41c2-acdc-aced15d0cbdc" + ] + }, + "4228ee88-50ce-4578-bcc5-5c113e868b7f": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "libkrb5-3", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.21.3-5", + "vulnerabilitiesRefs": [ + "16780329-6aea-4dd4-9cf3-1eeaa1d1aefd", + "9628aabc-6757-4def-af38-b56626c5b9ec", + "809790ac-b019-4679-9f39-3446e0b48c58" + ] + }, + "4758d3a2-802f-4e0f-9cac-ecd5c24f4ad5": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-1+ or Artistic", + "name": "perl-modules-5.40", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.40.1-6", + "vulnerabilitiesRefs": [ + "7c4bad57-191b-461f-bf27-8cdf1ec77c6d" + ] + }, + "48cb122c-c1ed-4647-b334-ba1af6eeec39": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-1+ or Artistic", + "name": "perl", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.40.1-6", + "vulnerabilitiesRefs": [ + "6c2b9a2b-2fd5-4c49-9a96-ca21a8e38dd6" + ] + }, + "4912ec38-47b5-4d7f-bd2b-a3886ca9cd40": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "apt", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.0.3", + "vulnerabilitiesRefs": [ + "c32b25f0-8d1a-4e4c-9df8-1819dd600d78" + ] + }, + "4936a23b-6aed-4bf0-9f1c-bcfeb3e72a07": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-2+", + "name": "pinentry-curses", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.3.1-2", + "vulnerabilitiesRefs": null + }, + "4f082c32-fac8-4bad-9701-47dea8a9214a": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libsepol2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.8.1-1", + "vulnerabilitiesRefs": null + }, + "4fd19d8e-75d5-4ff1-8cf2-35718a4b79fc": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "name": "libpcre2-8-0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "10.46-1~deb13u1", + "vulnerabilitiesRefs": null + }, + "515e5a6d-1f98-433b-998d-ef89134f238c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "util-linux", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "25676533-32b1-430e-b204-f4f39069bd31" + ] + }, + "531d990c-5aec-4c7c-b4ec-dcd0c92ac799": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "Apache-2.0", + "name": "libssl3t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.5.1-1", + "vulnerabilitiesRefs": null + }, + "54b5316d-44a9-462e-8bdb-15491392ff79": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GFDL-NIV-1.3+ or GFDL-NIV-1.3+", + "name": "findutils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "4.10.0-3", + "vulnerabilitiesRefs": null + }, + "5509463c-4cd6-4054-83a5-2a3a213fd5bc": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gpg", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21+b3", + "vulnerabilitiesRefs": [ + "507fb587-5dc4-4d89-9415-198caefad195" + ] + }, + "56032e00-b2c3-4782-8a7c-1083739e7372": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "name": "libxslt1.1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.1.35-1.2+deb13u2", + "vulnerabilitiesRefs": [ + "c905d112-14c4-4aa0-8b5a-9ca75c0baf31", + "7bdb12db-2446-4695-9045-c431567619b3", + "ec94f263-eb47-4984-bc73-7b09e8754747" + ] + }, + "572cd4ba-c039-4906-b9f2-78904c4eab74": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2", + "name": "libaudit-common", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.0.2-2", + "vulnerabilitiesRefs": null + }, + "58270767-3784-4f00-83a5-1fe7f84fd491": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "libgssapi-krb5-2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.21.3-5", + "vulnerabilitiesRefs": [ + "29afc1b3-1585-423b-a629-267d39dd982b", + "fb0ed0be-1325-4ba7-9289-f6b565991fba", + "0307fe27-fd2a-4871-a880-b2d6765717bc" + ] + }, + "59ba8daf-aa38-4650-a2d1-ff88a85e2f01": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-variant", + "name": "libbz2-1.0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.0.8-6", + "vulnerabilitiesRefs": null + }, + "5c7cdda5-b525-454e-9512-3f1879133b6b": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "PostgreSQL", + "name": "libpq5", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "18.0-1.pgdg13+3", + "vulnerabilitiesRefs": null + }, + "5e1e273e-eb12-4e60-bf05-e2d7388527b4": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2+", + "name": "postgresql-client-common", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "283.pgdg13+1", + "vulnerabilitiesRefs": null + }, + "6542a4e5-f297-41d0-bba0-0a33e4214147": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libc-bin", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-12", + "vulnerabilitiesRefs": [ + "9b7c961c-1ad5-4ea2-9e8a-8b5d31cfeac2", + "cdd687a1-8e35-471a-816e-9e41b4ded774", + "af2d447a-5fa4-4759-94b4-87a00860763b", + "80f16cf6-1ce9-4a56-a621-e86ff331d0d1", + "77520018-4f82-4800-b258-11e8c8d78e86", + "c1bb9379-0ecf-4988-83cd-0259b416d83a", + "4fb032e8-9869-47c0-bf17-203e2eca987d" + ] + }, + "673e0f05-128d-4ca6-8109-bcb73a045fe2": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "FSFUL", + "name": "libksba8", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.6.7-2+b1", + "vulnerabilitiesRefs": null + }, + "694866c7-f9bd-46b3-9a50-8100b36e39d3": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "The main library is licensed under GNU Lesser", + "name": "libgnutls30t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.8.9-3", + "vulnerabilitiesRefs": [ + "0dee0f9b-36c3-4a0e-ba29-98b922a9dd31" + ] + }, + "6b6f96f1-b9a3-46e7-9c92-b145d5e1ec52": { + "isRemoved": false, + "isRunning": false, + "layerRef": "570de6e1fec4d37e", + "license": "0BSD", + "name": "xz-utils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.8.1-1", + "vulnerabilitiesRefs": null + }, + "6e0a16a8-de83-4236-92a5-7ca2d4870a15": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "MIT-1", + "name": "libxml2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.12.7+dfsg+really2.9.14-2.1+deb13u1", + "vulnerabilitiesRefs": [ + "d5104e8a-4cc8-422e-bc81-b9508b31cd51", + "9fd0028b-c08b-42a9-9234-3a6e0401dc98" + ] + }, + "71012f6b-781a-41e5-b038-506700947e1e": { + "isRemoved": false, + "isRunning": false, + "layerRef": "570de6e1fec4d37e", + "license": "BSD-3-clause or GPL-2", + "name": "zstd", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.5.7+dfsg-1", + "vulnerabilitiesRefs": null + }, + "71919f87-8f07-470d-a498-95cf0b67a8e3": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "tar", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.35+dfsg-3.1", + "vulnerabilitiesRefs": [ + "676ebef5-28e1-4465-9c4a-027685668763" + ] + }, + "71b97361-84d1-4dee-b6ae-b163791b1ffe": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "Expat", + "name": "libffi8", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.4.8-2", + "vulnerabilitiesRefs": null + }, + "71e0b3c3-70e6-4bbc-9e27-475d77490cff": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause", + "name": "libbsd0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.12.2-2", + "vulnerabilitiesRefs": null + }, + "7767d856-8743-4edd-998b-fd06f9f6ef47": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2", + "name": "hostname", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.25", + "vulnerabilitiesRefs": null + }, + "77a6b013-47f9-46cb-8c80-271b49e7354c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2.0-only", + "name": "mawk", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.3.4.20250131-1", + "vulnerabilitiesRefs": null + }, + "79bd9478-9894-4835-8ca3-65bfcdb605f1": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gnupg-l10n", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21", + "vulnerabilitiesRefs": [ + "94e08d5a-a6a7-41c5-bb4d-6f4087cdb552" + ] + }, + "7ad9c407-9a2c-41fe-8a4d-63cd59782d78": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "name": "libncursesw6", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "6.5+20250216-2", + "vulnerabilitiesRefs": [ + "0dd559a8-4540-4420-b6ee-6834d07a99ec" + ] + }, + "7bfa0ccf-1c04-4cae-ba25-8669774678a9": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-3+ or GPL-2+", + "name": "libnettle8t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.10.1-1", + "vulnerabilitiesRefs": null + }, + "7fad8115-e879-457d-9cb9-566b7be6a792": { + "isRemoved": false, + "isRunning": false, + "layerRef": "80c2a358282b58c1", + "name": "golang.org/x/sys", + "path": "/usr/local/bin/gosu", + "riskAcceptRefs": null, + "type": "golang", + "version": "v0.1.0", + "vulnerabilitiesRefs": null + }, + "80955deb-bea7-4b8f-adc9-711a96ab27dd": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2", + "name": "libaudit1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.0.2-2+b2", + "vulnerabilitiesRefs": null + }, + "80c8981f-9cc6-4b1b-b525-e84690a57065": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2.0+", + "name": "sysvinit-utils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.14-4", + "vulnerabilitiesRefs": null + }, + "816f007a-9469-419b-8c38-de1c3cecb37d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libsystemd0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "257.8-1~deb13u2", + "vulnerabilitiesRefs": [ + "e2011c93-495f-464a-93d5-e0e173390b45", + "6d70ee1d-5cc1-40d8-98a1-fb2b3997fb8a", + "3e547a92-f974-42b3-8c4a-aa5aefe8ce6d", + "3b4837ad-67b2-4a1f-b237-250bb0243361" + ] + }, + "8633d329-e723-4625-b9fd-c7dfe1f06896": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL", + "name": "libpam-modules-bin", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.7.0-5", + "vulnerabilitiesRefs": [ + "8603c3fb-af50-4230-b394-263b67b64a34" + ] + }, + "8b39e7a1-e3c1-4ce4-9814-b403454f6d1d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "", + "name": "libgcrypt20", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.11.0-7", + "vulnerabilitiesRefs": [ + "40a5ebca-5dfc-4c4c-8c4e-11d71b8b0503", + "02c49e31-4de6-4736-a4cf-1f0895ef06f3" + ] + }, + "8b6f5f4d-3784-4e0b-825c-e62d6688fe7e": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "0BSD", + "name": "liblzma5", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.8.1-1", + "vulnerabilitiesRefs": null + }, + "8e46e983-aa93-46e6-acd2-0e8114198c3f": { + "isRemoved": false, + "isRunning": false, + "layerRef": "80c2a358282b58c1", + "name": "Go", + "path": "/usr/local/bin/gosu", + "riskAcceptRefs": null, + "type": "golang", + "version": "1.24.6", + "vulnerabilitiesRefs": null + }, + "8ee5cd15-effa-4f61-be97-2b0085afba56": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "MIT/X11", + "name": "libtinfo6", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "6.5+20250216-2", + "vulnerabilitiesRefs": [ + "57343a73-8f39-4301-bfa4-271e8c27edc2" + ] + }, + "90a15e06-0362-4154-a37f-9688a1cd2bff": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "gzip", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.13-1", + "vulnerabilitiesRefs": null + }, + "921f638c-99a6-447d-8968-90ac32d87ecb": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-2-clause", + "name": "debconf", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.5.91", + "vulnerabilitiesRefs": null + }, + "92b3c3fa-baa9-4b41-9b68-fffa41ba1ec2": { + "isRemoved": false, + "isRunning": false, + "layerRef": "80c2a358282b58c1", + "name": "github.com/moby/sys/user", + "path": "/usr/local/bin/gosu", + "riskAcceptRefs": null, + "type": "golang", + "version": "v0.1.0", + "vulnerabilitiesRefs": null + }, + "93c33d8c-75f3-4b32-a452-a35d713bd055": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "LGPL-2.1+", + "name": "libassuan9", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.0.2-2", + "vulnerabilitiesRefs": null + }, + "93d5b313-974e-468e-91e1-639bed96016b": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2", + "name": "base-passwd", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.6.7", + "vulnerabilitiesRefs": null + }, + "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL", + "name": "libpam0g", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.7.0-5", + "vulnerabilitiesRefs": [ + "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + ] + }, + "94e8e8d0-52b5-4104-a547-75180d6eaf24": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gpg-agent", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21+b3", + "vulnerabilitiesRefs": [ + "ef36a481-d41a-4779-898c-53d7b2d11596" + ] + }, + "95934518-9787-4120-93de-31e2dd722d50": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "ucf", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.0052", + "vulnerabilitiesRefs": null + }, + "9594165a-0f03-480f-9683-16af7fd2032c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2", + "name": "libkrb5support0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.21.3-5", + "vulnerabilitiesRefs": [ + "e95ec963-146c-4f46-8b9b-46ff22e818ba", + "92bf8fc3-fb6f-4260-a924-1f9ef0e704ca", + "4dae8584-3175-481a-bf8e-a4be3572f7fe" + ] + }, + "96559c69-f899-42d3-9fda-7d75ba58fb21": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1", + "name": "libseccomp2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.6.0-2", + "vulnerabilitiesRefs": null + }, + "99d218e2-3280-47e5-92ca-fbab20292b7f": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "public-domain", + "name": "libsqlite3-0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.46.1-7", + "vulnerabilitiesRefs": [ + "6288bd1f-eac2-4ddb-b9ed-cbee5959cbaf", + "fe5081d2-ffbd-494e-99a6-b15540e07006" + ] + }, + "9f057c77-836a-4bcd-bb96-eb450f83afc1": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libudev1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "257.8-1~deb13u2", + "vulnerabilitiesRefs": [ + "8a4358c9-7496-4364-9f23-ba7304164b3a", + "8be4996f-f1bc-4378-91a2-875f4014b575", + "fe52c8b8-2aa5-4369-86b3-a38ccf269c92", + "dc32fad2-c96e-4739-80da-294707339b1c" + ] + }, + "9fce136a-0206-48f6-bae4-3ba72af35435": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libapt-pkg7.0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.0.3", + "vulnerabilitiesRefs": [ + "a621a7ee-9dfe-4a7b-b2cc-49d56b91c44f" + ] + }, + "a43ac627-c4f4-430d-8741-9862e1b7f606": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "LGPL-2.1+", + "name": "libgpg-error0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.51-4", + "vulnerabilitiesRefs": null + }, + "a7e04900-1563-4232-b289-6159ccee191d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "public-domain", + "name": "libselinux1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.8.1-1", + "vulnerabilitiesRefs": null + }, + "abb6b771-93f0-4b78-a523-24da05ba4bc8": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "bsdutils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:2.41-5", + "vulnerabilitiesRefs": [ + "75b33bfc-aaa7-4009-a62c-5f45fb84a1fd" + ] + }, + "ae50ce52-6e20-4ecb-b877-ab3d46bde6cf": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "libunistring5", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.3-2", + "vulnerabilitiesRefs": null + }, + "b165b195-61ea-4aa3-872f-bc249bbe9bf3": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-1+ or Artistic", + "name": "perl-base", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.40.1-6", + "vulnerabilitiesRefs": [ + "a6ffaad7-ce49-4fcb-b358-33e4d343622a" + ] + }, + "b26c2c68-3c9e-40cf-86d4-a5517741e2c4": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "MIT", + "name": "libicu76", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "76.1-4", + "vulnerabilitiesRefs": null + }, + "b3323364-90ee-4a78-a110-25fa8396584e": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "LGPL-2.1+", + "name": "procps", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2:4.0.4-9", + "vulnerabilitiesRefs": null + }, + "b38f4df4-b825-477e-8653-68724eb0f04e": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "LGPL", + "name": "libtasn1-6", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "4.20.0-2", + "vulnerabilitiesRefs": null + }, + "b42ad979-f0fd-402f-bcab-803b612e10b9": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-3+ or GPL-2+", + "name": "libhogweed6t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.10.1-1", + "vulnerabilitiesRefs": null + }, + "b43ceb38-4a06-4a0b-af79-dff85981a359": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL", + "name": "libpam-modules", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.7.0-5", + "vulnerabilitiesRefs": [ + "582c2717-21e1-4bdb-b490-14a8c5cb5483" + ] + }, + "b6505d4b-43a9-4a8f-afe8-1a7265c17021": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause", + "name": "login.defs", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.17.4-2", + "vulnerabilitiesRefs": [ + "cf8d10df-1b2f-492e-a68b-7623f8d98014", + "de1f979d-0d18-4115-9143-388d59721a37" + ] + }, + "b665cc59-0197-46b3-9a0c-f23e4a22cb84": { + "isRemoved": false, + "isRunning": false, + "layerRef": "b091b70f8c607940", + "license": "LGPL-2.1+", + "name": "locales", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-12", + "vulnerabilitiesRefs": [ + "d790c3e3-8fde-46de-865c-7c1739261421", + "7787fc63-f0b8-4d0c-ad62-3e4d7a309877", + "5a924159-12ee-47f6-b7fc-be2cbdc6eaa0", + "df7ae259-5cdc-4577-acc5-9f22706358e1", + "dd410b92-43e4-4cab-a75a-688322e1dc89", + "e9409214-1545-4c74-b291-747b694a5890", + "d7600603-ed17-427d-9c4a-d82ec8a7833c" + ] + }, + "b6784fb6-ef4f-4076-872d-30548ff62d3d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "Apache-2.0", + "name": "openssl", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.5.1-1", + "vulnerabilitiesRefs": null + }, + "b78dde9a-6448-404e-bd47-59e8c59174eb": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "bash", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.2.37-2+b5", + "vulnerabilitiesRefs": null + }, + "b78e74a9-65b7-4e4b-9e08-11198108b519": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL-2", + "name": "libcap2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:2.75-10+b1", + "vulnerabilitiesRefs": null + }, + "b8dc160c-63ec-46e3-83ac-a883a7db0145": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "Zlib", + "name": "zlib1g", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:1.3.dfsg+really1.3.1-1+b1", + "vulnerabilitiesRefs": null + }, + "bbe2811f-57f0-40d6-9f3e-d73a254c713a": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "BSD-3-clause", + "name": "libedit2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.1-20250104-1", + "vulnerabilitiesRefs": null + }, + "bd1e8369-63ad-463c-bb1e-75e274879db2": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2+", + "name": "sensible-utils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.0.25", + "vulnerabilitiesRefs": null + }, + "be2019ea-33c1-4488-a72b-73f0495354c6": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "LGPL-2.1+", + "name": "libc6", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-12", + "vulnerabilitiesRefs": [ + "7d027134-b1ff-4ec4-8a27-f5049e44105c", + "7e1549e7-0a43-4e56-9dae-e28eda7d618b", + "303e826d-b15e-437b-855a-c500790d704a", + "5125b5a8-c4b7-472a-bf45-b31c7c0816ea", + "dfbadbf9-6e11-45f1-a332-17bbf2ef32d1", + "8f58a2f1-e74c-468f-b649-f410206b1495", + "9b3440a0-761c-4769-bd32-53373823e4c4" + ] + }, + "be31966e-4048-4b95-8e8b-dfc0c311dda3": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "OpenLDAP-2.8", + "name": "libldap2", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.6.10+dfsg-1", + "vulnerabilitiesRefs": [ + "3134f4de-463d-4feb-a975-68b3a00142bf", + "d7d19b16-e0a1-4692-a919-ad1348e696e5", + "b9721b5d-dd2d-4f25-a92d-7c6aec9ead0e", + "3b5036c2-c124-41d5-bbea-d19bfa011512" + ] + }, + "bf4e7de7-0d97-45cd-bef0-45de73dc4999": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-3+", + "name": "coreutils", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "9.7-3", + "vulnerabilitiesRefs": [ + "923ad276-a9d1-4b22-8a5a-bd98145ec144", + "a903f3f7-72e9-47c7-8142-c3f33ee76842" + ] + }, + "c328794e-0961-4a88-8596-608d41dfc463": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "name": "libgcc-s1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "14.2.0-19", + "vulnerabilitiesRefs": null + }, + "c374de77-f71a-44ce-bca9-538728abe269": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause", + "name": "init-system-helpers", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.69~deb13u1", + "vulnerabilitiesRefs": null + }, + "ca6fb607-a135-4046-b497-18cdfb6a506d": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "readline-common", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "8.2-6", + "vulnerabilitiesRefs": null + }, + "caf5a22e-529b-48ec-896d-5789a8283192": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libuuid1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "66e12ebc-bffe-4fc3-b829-72b1036951bc" + ] + }, + "d30f8f1e-ac65-4f1d-ba5b-407d05b65bba": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL", + "name": "gcc-14-base", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "14.2.0-19", + "vulnerabilitiesRefs": null + }, + "d3559ea2-df26-4100-81b3-09e16c142d82": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gpgsm", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21+b3", + "vulnerabilitiesRefs": [ + "268ecac6-3875-4d64-b830-805e8ebbb877" + ] + }, + "d5f0b7d6-c61a-4273-9b7a-67a3559f1c48": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2+", + "name": "libkeyutils1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.6.3-6", + "vulnerabilitiesRefs": null + }, + "d607a484-ba58-4edb-8242-0b886391078c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gpgconf", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21+b3", + "vulnerabilitiesRefs": [ + "543066e6-2d32-4bfd-9df1-9c23bd3d0fed" + ] + }, + "d80a6384-bf79-4f9f-a692-a4968b334d0f": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "LGPL-2.1+", + "name": "libnpth0t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.8-3", + "vulnerabilitiesRefs": null + }, + "d9f4e2b4-050a-4981-ab80-22035e1aecd2": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "Expat", + "name": "libz3-4", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "4.13.3-1", + "vulnerabilitiesRefs": null + }, + "daf3e591-762f-48d6-8568-ac40c0b7ce9c": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-3+", + "name": "libgdbm6t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.24-2", + "vulnerabilitiesRefs": null + }, + "dc2673d8-3fdd-4e50-81c5-bfd451712d79": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "name": "libcrypt1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.4.38-1", + "vulnerabilitiesRefs": null + }, + "dcab1562-a773-45a3-a042-116270f9b562": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "name": "libstdc++6", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "14.2.0-19", + "vulnerabilitiesRefs": null + }, + "df10123f-5ab7-447f-8b19-a9409302f788": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "gnupg", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21", + "vulnerabilitiesRefs": [ + "469c3059-5784-4246-a73c-f8cb0693d10e" + ] + }, + "df368acc-0e3a-43d3-a85f-84a10c9ba266": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-2-clause", + "name": "libxxhash0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "0.8.3-2", + "vulnerabilitiesRefs": null + }, + "e37fcfcc-2f16-4801-be20-e2a09d3dcee9": { + "isRemoved": false, + "isRunning": false, + "layerRef": "570de6e1fec4d37e", + "license": "BSD-3-clauses", + "name": "libnss-wrapper", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.1.16-1", + "vulnerabilitiesRefs": null + }, + "e45d9a07-f82e-400d-93a6-d389102b4c10": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "liblz4-1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.10.0-4", + "vulnerabilitiesRefs": null + }, + "e7578ed7-80f5-4f40-b9a2-2673efffe024": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "dpkg", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.22.21", + "vulnerabilitiesRefs": null + }, + "e7d01d73-439e-44ee-9521-6a9ea3726aea": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "Apache-2.0", + "name": "openssl-provider-legacy", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "3.5.1-1", + "vulnerabilitiesRefs": null + }, + "e90fdabf-fc00-4ed1-bf48-bb39da770635": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "BSD-3-clause or GPL-2", + "name": "libzstd1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.5.7+dfsg-1", + "vulnerabilitiesRefs": null + }, + "ec607163-4bd6-4e26-a53e-6a5c0c15eb0f": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "Artistic or GPL-1+", + "name": "libjson-perl", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "4.10000-1", + "vulnerabilitiesRefs": null + }, + "ecced166-5360-4597-a587-41e95eb16590": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "Sleepycat and BSD-3-clause", + "name": "libdb5.3t64", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "5.3.28+dfsg2-9", + "vulnerabilitiesRefs": null + }, + "ee0ea4ff-7ef7-49d8-8391-f954f282cea4": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "GPL-2+", + "name": "postgresql-common", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "283.pgdg13+1", + "vulnerabilitiesRefs": null + }, + "efe28d5a-35cd-4f58-9fa3-1069a7f4e80b": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libacl1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.3.2-2+b1", + "vulnerabilitiesRefs": null + }, + "f32df5d1-0e3d-498b-a2a6-bf516f179788": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "libidn2-0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.3.8-2", + "vulnerabilitiesRefs": null + }, + "fa25f1a7-6deb-4881-a23c-8fb238984e01": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "BSD-3-clause", + "name": "ssl-cert", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1.1.3", + "vulnerabilitiesRefs": null + }, + "fbc07f60-d704-4681-8683-0fff508c5fb4": { + "isRemoved": false, + "isRunning": false, + "layerRef": "bdf63e2463dd8cd4", + "license": "LGPL-2.1+", + "name": "libproc2-0", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2:4.0.4-9", + "vulnerabilitiesRefs": null + }, + "fc3f4e27-be0b-41b1-8142-6e15c7698acf": { + "isRemoved": false, + "isRunning": false, + "layerRef": "768837ca9e98862a", + "license": "GPL-3+", + "name": "dirmngr", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.4.7-21+b3", + "vulnerabilitiesRefs": [ + "67d5a8d8-59e6-405e-8bbc-47da50ca8ca4" + ] + }, + "fcde55a3-c2c0-418e-a497-15a2fd34b684": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "libsmartcols1", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-5", + "vulnerabilitiesRefs": [ + "5ad34bb2-530a-447d-9e80-155d5cbdb90e" + ] + }, + "fe7ca75a-f12d-4a58-8ba2-995b19246887": { + "isRemoved": false, + "isRunning": false, + "layerRef": "74be1f9e2af2da58", + "license": "GPL-2+", + "name": "login", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "1:4.16.0-2+really2.41-5", + "vulnerabilitiesRefs": [ + "6a43bbd1-34a1-47b5-9ff0-3c60ed1cb016" + ] + }, + "ffd8a4c3-b887-4429-b32e-f32a80b64eba": { + "isRemoved": false, + "isRunning": false, + "layerRef": "b091b70f8c607940", + "license": "LGPL-2.1+", + "name": "libc-l10n", + "path": "/var/lib/dpkg/status", + "riskAcceptRefs": null, + "type": "os", + "version": "2.41-12", + "vulnerabilitiesRefs": [ + "39155daf-bdbf-47ae-8bc3-aefa84b7f643", + "eb2069eb-8446-4f01-a01f-f98614da59bf", + "b46490a9-2faa-4014-969f-796ac5813360", + "c0c64273-4b2a-4e12-89d3-4baabdb0f7f4", + "1f2702df-5f3e-4d29-9dc9-e2b627e4f558", + "7cdcab42-03cd-45a6-8d93-abb1f2539f52", + "25deece7-4abb-4d41-9c0b-8653a0db2a76" + ] + } + }, + "policies": { + "evaluations": [ + { + "bundles": [ + { + "identifier": "pci-dss-v4-0", + "name": "PCI DSS (Payment Card Industry Data Security Standard) v4.0", + "rules": [ + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "18377", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + }, + { + "description": "User is root", + "evaluationResult": "failed", + "failureType": "imageConfigFailure", + "failures": [ + { + "arguments": {}, + "remediation": "Modify your image configuration and set the default user to other than root\nCheck the documentation to learn why and how to change the default image user\n" + } + ], + "predicates": [ + { + "extra": {}, + "type": "imageConfigDefaultUserIsRoot" + } + ], + "ruleId": "18378", + "ruleType": "imageConfigDefaultUser" + }, + { + "description": "Severity greater than or equal high", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "vulnerabilityRef": "582c2717-21e1-4bdb-b490-14a8c5cb5483" + }, + { + "description": "", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "vulnerabilityRef": "8603c3fb-af50-4230-b394-263b67b64a34" + }, + { + "description": "", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "vulnerabilityRef": "385eecc2-341e-474f-b602-d4fb7f326446" + }, + { + "description": "", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "vulnerabilityRef": "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + }, + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "vulnerabilityRef": "57343a73-8f39-4301-bfa4-271e8c27edc2" + }, + { + "description": "", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "vulnerabilityRef": "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + }, + { + "description": "", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "vulnerabilityRef": "e714addb-59d7-41c2-acdc-aced15d0cbdc" + }, + { + "description": "", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "vulnerabilityRef": "0dd559a8-4540-4420-b6ee-6834d07a99ec" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "ec94f263-eb47-4984-bc73-7b09e8754747" + } + ], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "18379", + "ruleType": "vulnSeverityAndThreats" + } + ], + "type": "predefined" + } + ], + "createdAt": "2025-08-22T00:48:32.773685Z", + "description": "Scan for any vulnerabilities that could oppose a risk to payment and cardholder applications", + "evaluation": "failed", + "identifier": "carholder-policy-pk", + "name": "carholder policy - pk", + "updatedAt": "2025-08-22T00:51:04.300275Z" + }, + { + "bundles": [ + { + "identifier": "critical-vulnerability-found", + "name": "Critical Vulnerability Found", + "rules": [ + { + "description": "Severity greater than or equal critical", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + } + ], + "predicates": [ + { + "extra": { + "level": "critical" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "17701", + "ruleType": "vulnSeverityAndThreats" + } + ], + "type": "custom" + } + ], + "createdAt": "2023-07-21T05:01:51.544943Z", + "description": "", + "evaluation": "failed", + "identifier": "critical-vulnerability-found", + "name": "Critical Vulnerability Found", + "updatedAt": "2024-10-08T07:52:30.379503Z" + }, + { + "bundles": [ + { + "identifier": "forbid-secrets", + "name": "Forbid Secrets", + "rules": [ + { + "description": "Variable AZURE_CLIENT_SECRET exists", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": { + "key": "AZURE_CLIENT_SECRET" + }, + "type": "imageConfigEnvVariableExists" + } + ], + "ruleId": "17444", + "ruleType": "imageConfigEnvVariable" + }, + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "17445", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + } + ], + "type": "custom" + } + ], + "createdAt": "2023-05-01T22:23:29.429978Z", + "description": "", + "evaluation": "passed", + "identifier": "forbid-secrets-in-images", + "name": "Forbid Secrets in Images", + "updatedAt": "2025-07-18T08:00:01.41654Z" + }, + { + "bundles": [ + { + "identifier": "nist-sp-800-82-rev-2", + "name": "NIST SP 800-82 (Guide to Industrial Control Systems ICS Security) Rev 2", + "rules": [ + { + "description": "User is root", + "evaluationResult": "failed", + "failureType": "imageConfigFailure", + "failures": [ + { + "arguments": {}, + "remediation": "Modify your image configuration and set the default user to other than root\nCheck the documentation to learn why and how to change the default image user\n" + } + ], + "predicates": [ + { + "extra": {}, + "type": "imageConfigDefaultUserIsRoot" + } + ], + "ruleId": "16979", + "ruleType": "imageConfigDefaultUser" + }, + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "16980", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + }, + { + "description": "Forbid the use of discouraged instructions", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigInstructionNotRecommended" + } + ], + "ruleId": "16981", + "ruleType": "imageConfigInstructionNotRecommended" + }, + { + "description": "Forbid the use of package manager instructions (eg. apk, npm, rpm, etc)", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigInstructionIsPkgManager" + } + ], + "ruleId": "16982", + "ruleType": "imageConfigInstructionIsPkgManager" + }, + { + "description": "Severity greater than or equal high", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "vulnerabilityRef": "582c2717-21e1-4bdb-b490-14a8c5cb5483" + }, + { + "description": "", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "vulnerabilityRef": "8603c3fb-af50-4230-b394-263b67b64a34" + }, + { + "description": "", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "vulnerabilityRef": "385eecc2-341e-474f-b602-d4fb7f326446" + }, + { + "description": "", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "vulnerabilityRef": "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + }, + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "vulnerabilityRef": "57343a73-8f39-4301-bfa4-271e8c27edc2" + }, + { + "description": "", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "vulnerabilityRef": "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + }, + { + "description": "", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "vulnerabilityRef": "e714addb-59d7-41c2-acdc-aced15d0cbdc" + }, + { + "description": "", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "vulnerabilityRef": "0dd559a8-4540-4420-b6ee-6834d07a99ec" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "ec94f263-eb47-4984-bc73-7b09e8754747" + } + ], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "16983", + "ruleType": "vulnSeverityAndThreats" + } + ], + "type": "predefined" + }, + { + "identifier": "nist-sp-800-53-rev-5", + "name": "NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) Rev 5", + "rules": [ + { + "description": "Severity greater than or equal high", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "vulnerabilityRef": "582c2717-21e1-4bdb-b490-14a8c5cb5483" + }, + { + "description": "", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "vulnerabilityRef": "8603c3fb-af50-4230-b394-263b67b64a34" + }, + { + "description": "", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "vulnerabilityRef": "385eecc2-341e-474f-b602-d4fb7f326446" + }, + { + "description": "", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "vulnerabilityRef": "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + }, + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "vulnerabilityRef": "57343a73-8f39-4301-bfa4-271e8c27edc2" + }, + { + "description": "", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "vulnerabilityRef": "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + }, + { + "description": "", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "vulnerabilityRef": "e714addb-59d7-41c2-acdc-aced15d0cbdc" + }, + { + "description": "", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "vulnerabilityRef": "0dd559a8-4540-4420-b6ee-6834d07a99ec" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "ec94f263-eb47-4984-bc73-7b09e8754747" + } + ], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "16970", + "ruleType": "vulnSeverityAndThreats" + }, + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "16971", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + }, + { + "description": "User is root", + "evaluationResult": "failed", + "failureType": "imageConfigFailure", + "failures": [ + { + "arguments": {}, + "remediation": "Modify your image configuration and set the default user to other than root\nCheck the documentation to learn why and how to change the default image user\n" + } + ], + "predicates": [ + { + "extra": {}, + "type": "imageConfigDefaultUserIsRoot" + } + ], + "ruleId": "16972", + "ruleType": "imageConfigDefaultUser" + }, + { + "description": "Forbid the use of discouraged instructions", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigInstructionNotRecommended" + } + ], + "ruleId": "16973", + "ruleType": "imageConfigInstructionNotRecommended" + }, + { + "description": "Forbid the use of package manager instructions (eg. apk, npm, rpm, etc)", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigInstructionIsPkgManager" + } + ], + "ruleId": "16974", + "ruleType": "imageConfigInstructionIsPkgManager" + } + ], + "type": "predefined" + }, + { + "identifier": "nist-sp-800-190", + "name": "NIST SP 800-190 (Application Container Security Guide)", + "rules": [ + { + "description": "Forbid the use of package manager instructions (eg. apk, npm, rpm, etc)", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigInstructionIsPkgManager" + } + ], + "ruleId": "16975", + "ruleType": "imageConfigInstructionIsPkgManager" + }, + { + "description": "Severity greater than or equal medium", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "vulnerabilityRef": "582c2717-21e1-4bdb-b490-14a8c5cb5483" + }, + { + "description": "", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "vulnerabilityRef": "8603c3fb-af50-4230-b394-263b67b64a34" + }, + { + "description": "", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "vulnerabilityRef": "385eecc2-341e-474f-b602-d4fb7f326446" + }, + { + "description": "", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "vulnerabilityRef": "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + }, + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "vulnerabilityRef": "57343a73-8f39-4301-bfa4-271e8c27edc2" + }, + { + "description": "", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "vulnerabilityRef": "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + }, + { + "description": "", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "vulnerabilityRef": "e714addb-59d7-41c2-acdc-aced15d0cbdc" + }, + { + "description": "", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "vulnerabilityRef": "0dd559a8-4540-4420-b6ee-6834d07a99ec" + }, + { + "description": "", + "packageRef": "6e0a16a8-de83-4236-92a5-7ca2d4870a15", + "vulnerabilityRef": "9fd0028b-c08b-42a9-9234-3a6e0401dc98" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "ec94f263-eb47-4984-bc73-7b09e8754747" + } + ], + "predicates": [ + { + "extra": { + "level": "medium" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "16976", + "ruleType": "vulnSeverityAndThreats" + }, + { + "description": "User is root", + "evaluationResult": "failed", + "failureType": "imageConfigFailure", + "failures": [ + { + "arguments": {}, + "remediation": "Modify your image configuration and set the default user to other than root\nCheck the documentation to learn why and how to change the default image user\n" + } + ], + "predicates": [ + { + "extra": {}, + "type": "imageConfigDefaultUserIsRoot" + } + ], + "ruleId": "16977", + "ruleType": "imageConfigDefaultUser" + }, + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "16978", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + } + ], + "type": "predefined" + } + ], + "createdAt": "2025-05-21T09:41:52.198796Z", + "description": "A Collection of all NIST SP 800-* Rule Bindles", + "evaluation": "failed", + "identifier": "nist-sp-800-star", + "name": "NIST SP 800-Star", + "updatedAt": "2025-07-18T07:58:58.579224Z" + }, + { + "bundles": [ + { + "identifier": "pci-dss-v4-0", + "name": "PCI DSS (Payment Card Industry Data Security Standard) v4.0", + "rules": [ + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "18377", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + }, + { + "description": "User is root", + "evaluationResult": "failed", + "failureType": "imageConfigFailure", + "failures": [ + { + "arguments": {}, + "remediation": "Modify your image configuration and set the default user to other than root\nCheck the documentation to learn why and how to change the default image user\n" + } + ], + "predicates": [ + { + "extra": {}, + "type": "imageConfigDefaultUserIsRoot" + } + ], + "ruleId": "18378", + "ruleType": "imageConfigDefaultUser" + }, + { + "description": "Severity greater than or equal high", + "evaluationResult": "failed", + "failureType": "pkgVulnFailure", + "failures": [ + { + "description": "", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "vulnerabilityRef": "582c2717-21e1-4bdb-b490-14a8c5cb5483" + }, + { + "description": "", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "vulnerabilityRef": "8603c3fb-af50-4230-b394-263b67b64a34" + }, + { + "description": "", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "vulnerabilityRef": "385eecc2-341e-474f-b602-d4fb7f326446" + }, + { + "description": "", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "vulnerabilityRef": "dbda6c16-f9ae-4b7a-a123-fc8e60771789" + }, + { + "description": "", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "vulnerabilityRef": "fe5081d2-ffbd-494e-99a6-b15540e07006" + }, + { + "description": "", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "vulnerabilityRef": "57343a73-8f39-4301-bfa4-271e8c27edc2" + }, + { + "description": "", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "vulnerabilityRef": "e30fb5d9-b497-49f8-8299-88bc021ba8f8" + }, + { + "description": "", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "vulnerabilityRef": "e714addb-59d7-41c2-acdc-aced15d0cbdc" + }, + { + "description": "", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "vulnerabilityRef": "0dd559a8-4540-4420-b6ee-6834d07a99ec" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "7bdb12db-2446-4695-9045-c431567619b3" + }, + { + "description": "", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "vulnerabilityRef": "ec94f263-eb47-4984-bc73-7b09e8754747" + } + ], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverity" + } + ], + "ruleId": "18379", + "ruleType": "vulnSeverityAndThreats" + } + ], + "type": "predefined" + } + ], + "createdAt": "2025-03-25T10:40:26.23727Z", + "description": "Scan for any vulnerabilities that could oppose a risk to payment and cardholder applications.......", + "evaluation": "failed", + "identifier": "policycardholder", + "name": "PolicyCardHolder", + "updatedAt": "2025-07-18T07:59:42.128875Z" + }, + { + "bundles": [ + { + "identifier": "forbid-secrets", + "name": "Forbid Secrets", + "rules": [ + { + "description": "Variable AZURE_CLIENT_SECRET exists", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": { + "key": "AZURE_CLIENT_SECRET" + }, + "type": "imageConfigEnvVariableExists" + } + ], + "ruleId": "17444", + "ruleType": "imageConfigEnvVariable" + }, + { + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "failureType": "imageConfigFailure", + "failures": [], + "predicates": [ + { + "extra": {}, + "type": "imageConfigSensitiveInformationAndSecrets" + } + ], + "ruleId": "17445", + "ruleType": "imageConfigSensitiveInformationAndSecrets" + } + ], + "type": "custom" + } + ], + "createdAt": "2023-07-21T05:02:05.36946Z", + "description": "", + "evaluation": "passed", + "identifier": "sensitive-information-or-secret-found", + "name": "Sensitive Information or Secret Found", + "updatedAt": "2025-07-18T07:59:29.687491Z" + }, + { + "bundles": [ + { + "identifier": "severe_vulnerabilities_with_a_fix", + "name": "Severe vulnerabilities with a Fix", + "rules": [ + { + "description": "Severity equal critical AND Fixable", + "evaluationResult": "passed", + "failureType": "pkgVulnFailure", + "failures": [], + "predicates": [ + { + "extra": { + "level": "critical" + }, + "type": "vulnSeverityEquals" + }, + { + "extra": {}, + "type": "vulnIsFixable" + } + ], + "ruleId": "17446", + "ruleType": "vulnSeverityAndThreats" + }, + { + "description": "Severity equal high AND Fixable since 30 days", + "evaluationResult": "passed", + "failureType": "pkgVulnFailure", + "failures": [], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverityEquals" + }, + { + "extra": { + "age": 30 + }, + "type": "vulnIsFixableWithAge" + } + ], + "ruleId": "17447", + "ruleType": "vulnSeverityAndThreats" + }, + { + "description": "Severity greater than or equal high AND Network attack vector AND Fixable", + "evaluationResult": "passed", + "failureType": "pkgVulnFailure", + "failures": [], + "predicates": [ + { + "extra": { + "level": "high" + }, + "type": "vulnSeverity" + }, + { + "extra": {}, + "type": "vulnExploitableViaNetwork" + }, + { + "extra": {}, + "type": "vulnIsFixable" + } + ], + "ruleId": "17448", + "ruleType": "vulnSeverityAndThreats" + } + ], + "type": "predefined" + } + ], + "createdAt": "2023-03-23T21:41:46.977741Z", + "description": "Recommended out of the box image scanning checks.", + "evaluation": "passed", + "identifier": "sysdig-best-practices", + "name": "Sysdig Best Practices", + "updatedAt": "2025-02-18T13:51:07.432102Z" + } + ], + "globalEvaluation": "failed" + }, + "producer": { + "producedAt": "2025-09-30T18:05:33.318466678+02:00" + }, + "riskAccepts": {}, + "stage": "pipeline", + "vulnerabilities": { + "02c49e31-4de6-4736-a4cf-1f0895ef06f3": { + "cvssScore": { + "score": 5.9, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-03-06", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-2236", + "packageRef": "8b39e7a1-e3c1-4ce4-9814-b403454f6d1d", + "providersMetadata": { + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-10-10T03:02:00Z" + }, + "first.org": { + "epssScore": { + "score": 0.0031, + "percentile": 0.53643, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-03-06T22:15:57.977Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "severity": "medium" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "publicationDate": "2024-03-06T00:00:00Z", + "severity": "medium" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2024-03-06T22:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "publicationDate": "2024-03-05T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "0307fe27-fd2a-4871-a880-b2d6765717bc": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26461", + "packageRef": "58270767-3784-4f00-83a5-1fe7f84fd491", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00063, + "percentile": 0.20132, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.82Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "0dd559a8-4540-4420-b6ee-6834d07a99ec": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-06-16", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-6141", + "packageRef": "7ad9c407-9a2c-41fe-8a4d-63cd59782d78", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00019, + "percentile": 0.03543, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-06-16T22:16:41.527Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3 + }, + "publicationDate": "2025-06-16T22:00:17.088Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2025-06-16T22:16:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-03-24T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "0dee0f9b-36c3-4a0e-ba29-98b922a9dd31": { + "cvssScore": { + "score": 4.3, + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "version": "2.0" + }, + "disclosureDate": "2011-09-06", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-3389", + "packageRef": "694866c7-f9bd-46b3-9a50-8100b36e39d3", + "providersMetadata": { + "amazon": { + "publicationDate": "2011-10-31T18:22:00Z" + }, + "first.org": { + "epssScore": { + "score": 0.04632, + "percentile": 0.88854, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2012-03-06T01:02:18Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "score": 4.3, + "exploitability_score": 8.6, + "impact_score": 2.9 + }, + "publicationDate": "2011-09-06T19:55:03.197Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 3.7 + }, + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "score": 4.3 + }, + "publicationDate": "2011-09-10T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2011-09-06T19:55:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 5.9 + }, + "publicationDate": "2011-08-31T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2011-08-31" + }, + "16780329-6aea-4dd4-9cf3-1eeaa1d1aefd": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-01-16", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-5709", + "packageRef": "4228ee88-50ce-4578-bcc5-5c113e868b7f", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00463, + "percentile": 0.63394, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2018-01-16T09:29:00.5Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "score": 6.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2018-01-16T09:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "score": 9.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "1ddecaaa-b56f-4aac-9337-12c6c70e5ae3": { + "cvssScore": { + "score": 3.6, + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-12-26", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2024-56433", + "packageRef": "06d0987c-027a-48bb-bc79-04f4e8c3a179", + "providersMetadata": { + "azurelinux": { + "severity": "low" + }, + "first.org": { + "epssScore": { + "score": 0.03604, + "percentile": 0.87309, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-12-26T09:15:07.267Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "score": 3.6 + }, + "publicationDate": "2024-12-26T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2024-12-26T09:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "score": 3.6 + }, + "publicationDate": "2024-12-22T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "low" + }, + "1f2702df-5f3e-4d29-9dc9-e2b627e4f558": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010024", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00375, + "percentile": 0.5843, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.473Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "25676533-32b1-430e-b204-f4f39069bd31": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "515e5a6d-1f98-433b-998d-ef89134f238c", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "25deece7-4abb-4d41-9c0b-8653a0db2a76": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-9192", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-02-03T10:13:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00363, + "percentile": 0.577, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T18:29:00.34Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "score": 2.8 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-02-26T18:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "268ecac6-3875-4d64-b830-805e8ebbb877": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "d3559ea2-df26-4100-81b3-09e16c142d82", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "29afc1b3-1585-423b-a629-267d39dd982b": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-01-16", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-5709", + "packageRef": "58270767-3784-4f00-83a5-1fe7f84fd491", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00463, + "percentile": 0.63394, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2018-01-16T09:29:00.5Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "score": 6.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2018-01-16T09:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "score": 9.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "303e826d-b15e-437b-855a-c500790d704a": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010022", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00145, + "percentile": 0.35541, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8, + "exploitability_score": 3.9, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.317Z", + "severity": "critical" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2019-03-20T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2013-06-02T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "3134f4de-463d-4feb-a975-68b3a00142bf": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + }, + "disclosureDate": "2015-12-07", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2015-3276", + "packageRef": "be31966e-4048-4b95-8e8b-dfc0c311dda3", + "providersMetadata": { + "amazon": { + "publicationDate": "2017-02-14T12:00:00Z" + }, + "azurelinux": { + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.01805, + "percentile": 0.82178, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2015-12-07T20:59:03.023Z", + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "score": 4.3 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "score": 4.3 + }, + "publicationDate": "2015-07-15T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2015-12-07T20:59:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "score": 2.6 + }, + "publicationDate": "2015-07-15T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "385eecc2-341e-474f-b602-d4fb7f326446": { + "cvssScore": { + "score": 7.8, + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-08-13", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-8941", + "packageRef": "31185887-18fc-4d46-b715-7bc34004c1e2", + "providersMetadata": { + "alibaba": { + "severity": "high" + }, + "almalinux": { + "publicationDate": "2025-09-03T00:00:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00027, + "percentile": 0.05884, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-08-13T15:15:41.873Z" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + }, + "rocky": { + "publicationDate": "2025-09-08T14:19:01Z" + }, + "ubuntu": { + "publicationDate": "2025-08-13T15:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "39155daf-bdbf-47ae-8bc3-aefa84b7f643": { + "cvssScore": { + "score": 4, + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + "disclosureDate": "2011-03-02", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2010-4756", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00373, + "percentile": 0.58323, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "score": 4, + "exploitability_score": 8, + "impact_score": 2.9 + }, + "publicationDate": "2011-03-02T20:00:01.037Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2011-03-02T20:00:00Z", + "severity": "low" + }, + "vulndb": { + "publicationDate": "2010-10-07T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "3b4837ad-67b2-4a1f-b237-250bb0243361": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31439", + "packageRef": "816f007a-9469-419b-8c38-de1c3cecb37d", + "providersMetadata": { + "amazon": { + "publicationDate": "2024-09-12T18:30:00Z" + }, + "bottlerocket": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00096, + "percentile": 0.27778, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.753Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "3b5036c2-c124-41d5-bbea-d19bfa011512": { + "cvssScore": { + "score": 4.2, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2020-07-14", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2020-15719", + "packageRef": "be31966e-4048-4b95-8e8b-dfc0c311dda3", + "providersMetadata": { + "euleros": { + "publicationDate": "2020-08-28T11:16:56Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00404, + "percentile": 0.60227, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "score": 4.2, + "exploitability_score": 1.6, + "impact_score": 2.5 + }, + "publicationDate": "2020-07-14T14:15:17.667Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "score": 4.2 + }, + "publicationDate": "2019-08-19T00:00:00Z", + "severity": "low" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "score": 4.2 + }, + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2020-07-14T14:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3 + }, + "publicationDate": "2019-08-12T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "3e547a92-f974-42b3-8c4a-aa5aefe8ce6d": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31438", + "packageRef": "816f007a-9469-419b-8c38-de1c3cecb37d", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00103, + "percentile": 0.28907, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.707Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "40a5ebca-5dfc-4c4c-8c4e-11d71b8b0503": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-02-07", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-6829", + "packageRef": "8b39e7a1-e3c1-4ce4-9814-b403454f6d1d", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00549, + "percentile": 0.67032, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2018-02-07T23:29:01.703Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "publicationDate": "2018-02-08T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2018-02-07T23:29:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "score": 4.3 + }, + "publicationDate": "2018-02-01T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "469c3059-5784-4246-a73c-f8cb0693d10e": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "df10123f-5ab7-447f-8b19-a9409302f788", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "4aca8ba3-72eb-4d6a-8ee1-45a794dd2339": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "1d246bab-267f-4305-852d-4bc8b9b9195b", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "4cd8e90a-7042-436e-a8f8-54a81a3d7562": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "3d8a4900-1b0c-4258-bcd6-e42100708978", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "4dae8584-3175-481a-bf8e-a4be3572f7fe": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26461", + "packageRef": "9594165a-0f03-480f-9683-16af7fd2032c", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00063, + "percentile": 0.20132, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.82Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "4e7ad112-5423-49d1-881b-706ac82f98a5": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26458", + "packageRef": "1e98b723-f7ef-4768-8573-e6839cddfecc", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00212, + "percentile": 0.43844, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.78Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "4eed6c04-e81a-44df-9037-8b901dfcd414": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-01-16", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-5709", + "packageRef": "1e98b723-f7ef-4768-8573-e6839cddfecc", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00463, + "percentile": 0.63394, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2018-01-16T09:29:00.5Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "score": 6.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2018-01-16T09:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "score": 9.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "4fb032e8-9869-47c0-bf17-203e2eca987d": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-9192", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-02-03T10:13:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00363, + "percentile": 0.577, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T18:29:00.34Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "score": 2.8 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-02-26T18:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "507fb587-5dc4-4d89-9415-198caefad195": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "5509463c-4cd6-4054-83a5-2a3a213fd5bc", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "5125b5a8-c4b7-472a-bf45-b31c7c0816ea": { + "cvssScore": { + "score": 8.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010023", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "euleros": { + "publicationDate": "2019-07-15T08:15:13Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00722, + "percentile": 0.71731, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 8.8, + "exploitability_score": 2.8, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.397Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "543066e6-2d32-4bfd-9df1-9c23bd3d0fed": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "d607a484-ba58-4edb-8242-0b886391078c", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "57343a73-8f39-4301-bfa4-271e8c27edc2": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-06-16", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-6141", + "packageRef": "8ee5cd15-effa-4f61-be97-2b0085afba56", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00019, + "percentile": 0.03543, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-06-16T22:16:41.527Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3 + }, + "publicationDate": "2025-06-16T22:00:17.088Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2025-06-16T22:16:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-03-24T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "582c2717-21e1-4bdb-b490-14a8c5cb5483": { + "cvssScore": { + "score": 7.8, + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-08-13", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-8941", + "packageRef": "b43ceb38-4a06-4a0b-af79-dff85981a359", + "providersMetadata": { + "alibaba": { + "severity": "high" + }, + "almalinux": { + "publicationDate": "2025-09-03T00:00:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00027, + "percentile": 0.05884, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-08-13T15:15:41.873Z" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + }, + "rocky": { + "publicationDate": "2025-09-08T14:19:01Z" + }, + "ubuntu": { + "publicationDate": "2025-08-13T15:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "5a924159-12ee-47f6-b7fc-be2cbdc6eaa0": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010022", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00145, + "percentile": 0.35541, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8, + "exploitability_score": 3.9, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.317Z", + "severity": "critical" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2019-03-20T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2013-06-02T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "5ad34bb2-530a-447d-9e80-155d5cbdb90e": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "fcde55a3-c2c0-418e-a497-15a2fd34b684", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "6288bd1f-eac2-4ddb-b9ed-cbee5959cbaf": { + "cvssScore": { + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-14", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2021-45346", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00242, + "percentile": 0.47455, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "score": 4.3, + "exploitability_score": 2.8, + "impact_score": 1.4 + }, + "publicationDate": "2022-02-14T19:15:07.793Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "score": 4.3 + }, + "publicationDate": "2021-03-16T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2022-02-14T19:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "score": 4.3 + }, + "publicationDate": "2021-12-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "66e12ebc-bffe-4fc3-b829-72b1036951bc": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "caf5a22e-529b-48ec-896d-5789a8283192", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "676ebef5-28e1-4465-9c4a-027685668763": { + "cvssScore": { + "score": 10, + "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" + }, + "disclosureDate": "2005-08-10", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2005-2541", + "packageRef": "71919f87-8f07-470d-a498-95cf0b67a8e3", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.01572, + "percentile": 0.80916, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "score": 10, + "exploitability_score": 10, + "impact_score": 10 + }, + "publicationDate": "2005-08-10T04:00:00Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 7 + }, + "publicationDate": "2005-08-04T00:00:00Z", + "severity": "medium" + }, + "vulndb": { + "publicationDate": "2005-08-04T22:57:47Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "67d5a8d8-59e6-405e-8bbc-47da50ca8ca4": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "fc3f4e27-be0b-41b1-8142-6e15c7698acf", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "6a43bbd1-34a1-47b5-9ff0-3c60ed1cb016": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "fe7ca75a-f12d-4a58-8ba2-995b19246887", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "6b3df191-9ca7-4a50-9e4d-eb2e5ace9882": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "2666a2aa-450a-4887-89ea-ebdc8a0931da", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "6c2b9a2b-2fd5-4c49-9a96-ca21a8e38dd6": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2020-01-31", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-4116", + "packageRef": "48cb122c-c1ed-4647-b334-ba1af6eeec39", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00205, + "percentile": 0.42893, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2020-01-31T18:15:11.343Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2020-01-31T18:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:P", + "score": 5.4 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "6d70ee1d-5cc1-40d8-98a1-fb2b3997fb8a": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31437", + "packageRef": "816f007a-9469-419b-8c38-de1c3cecb37d", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00131, + "percentile": 0.33507, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.657Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "75b33bfc-aaa7-4009-a62c-5f45fb84a1fd": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "abb6b771-93f0-4b78-a523-24da05ba4bc8", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "77520018-4f82-4800-b258-11e8c8d78e86": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010024", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00375, + "percentile": 0.5843, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.473Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "7787fc63-f0b8-4d0c-ad62-3e4d7a309877": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-20796", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-01-20T10:12:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.01835, + "percentile": 0.82297, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T02:29:00.45Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "score": 5.3 + }, + "publicationDate": "2019-01-20T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-02-26T02:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2018-09-12T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "7bdb12db-2446-4695-9045-c431567619b3": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-09-25", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-10911", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00012, + "percentile": 0.01159, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-09-25T16:15:31.337Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "score": 5.5 + }, + "publicationDate": "2025-08-04T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2025-09-26T00:00:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8 + }, + "publicationDate": "2025-06-04T00:00:00Z", + "severity": "critical" + } + }, + "riskAcceptRefs": null, + "severity": "critical" + }, + "7c4bad57-191b-461f-bf27-8cdf1ec77c6d": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2020-01-31", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-4116", + "packageRef": "4758d3a2-802f-4e0f-9cac-ecd5c24f4ad5", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00205, + "percentile": 0.42893, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2020-01-31T18:15:11.343Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2020-01-31T18:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:P", + "score": 5.4 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "7cdcab42-03cd-45a6-8d93-abb1f2539f52": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010025", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00228, + "percentile": 0.45645, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.537Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 2.9 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "score": 3.1 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "7d027134-b1ff-4ec4-8a27-f5049e44105c": { + "cvssScore": { + "score": 4, + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + "disclosureDate": "2011-03-02", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2010-4756", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00373, + "percentile": 0.58323, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "score": 4, + "exploitability_score": 8, + "impact_score": 2.9 + }, + "publicationDate": "2011-03-02T20:00:01.037Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2011-03-02T20:00:00Z", + "severity": "low" + }, + "vulndb": { + "publicationDate": "2010-10-07T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "7e1549e7-0a43-4e56-9dae-e28eda7d618b": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-20796", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-01-20T10:12:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.01835, + "percentile": 0.82297, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T02:29:00.45Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "score": 5.3 + }, + "publicationDate": "2019-01-20T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-02-26T02:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2018-09-12T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "809790ac-b019-4679-9f39-3446e0b48c58": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26461", + "packageRef": "4228ee88-50ce-4578-bcc5-5c113e868b7f", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00063, + "percentile": 0.20132, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.82Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "80f16cf6-1ce9-4a56-a621-e86ff331d0d1": { + "cvssScore": { + "score": 8.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010023", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "euleros": { + "publicationDate": "2019-07-15T08:15:13Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00722, + "percentile": 0.71731, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 8.8, + "exploitability_score": 2.8, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.397Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "8603c3fb-af50-4230-b394-263b67b64a34": { + "cvssScore": { + "score": 7.8, + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-08-13", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-8941", + "packageRef": "8633d329-e723-4625-b9fd-c7dfe1f06896", + "providersMetadata": { + "alibaba": { + "severity": "high" + }, + "almalinux": { + "publicationDate": "2025-09-03T00:00:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00027, + "percentile": 0.05884, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-08-13T15:15:41.873Z" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + }, + "rocky": { + "publicationDate": "2025-09-08T14:19:01Z" + }, + "ubuntu": { + "publicationDate": "2025-08-13T15:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "8a4358c9-7496-4364-9f23-ba7304164b3a": { + "cvssScore": { + "score": 3.3, + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "version": "2.0" + }, + "disclosureDate": "2013-10-28", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2013-4392", + "packageRef": "9f057c77-836a-4bcd-bb96-eb450f83afc1", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00067, + "percentile": 0.21286, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "score": 3.3, + "exploitability_score": 3.4, + "impact_score": 4.9 + }, + "publicationDate": "2013-10-28T22:55:03.773Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "score": 3.3 + }, + "publicationDate": "2013-09-23T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2013-10-28T22:55:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2012-09-20T05:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "8be4996f-f1bc-4378-91a2-875f4014b575": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31437", + "packageRef": "9f057c77-836a-4bcd-bb96-eb450f83afc1", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00131, + "percentile": 0.33507, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.657Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "8f58a2f1-e74c-468f-b649-f410206b1495": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010025", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00228, + "percentile": 0.45645, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.537Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 2.9 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "score": 3.1 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "923ad276-a9d1-4b22-8a5a-bd98145ec144": { + "cvssScore": { + "score": 4.7, + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-01-04", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2017-18018", + "packageRef": "bf4e7de7-0d97-45cd-bef0-45de73dc4999", + "providersMetadata": { + "euleros": { + "publicationDate": "2017-12-20T09:20:00Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00057, + "percentile": 0.17895, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "score": 4.7, + "exploitability_score": 1, + "impact_score": 3.6 + }, + "publicationDate": "2018-01-04T04:29:00.19Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "score": 4.2 + }, + "publicationDate": "2017-12-20T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2018-01-04T04:29:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N", + "score": 1.2 + }, + "publicationDate": "2017-12-20T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "92bf8fc3-fb6f-4260-a924-1f9ef0e704ca": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26458", + "packageRef": "9594165a-0f03-480f-9683-16af7fd2032c", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00212, + "percentile": 0.43844, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.78Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "92d2dd1b-6296-4600-a78a-9eb5862a19c4": { + "cvssScore": { + "score": 3.7, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-10-31", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2024-7883", + "packageRef": "3f3da671-46cb-47b3-b154-175d5b8b6845", + "providersMetadata": { + "azurelinux": { + "severity": "low" + }, + "euleros": { + "publicationDate": "2025-03-31T16:24:03Z", + "severity": "low" + }, + "first.org": { + "epssScore": { + "score": 0.00108, + "percentile": 0.29735, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-10-31T17:15:14.013Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 3.7 + }, + "publicationDate": "2024-10-31T17:01:49.725Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2024-10-31T17:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 3.7 + }, + "publicationDate": "2024-10-31T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "low", + "solutionDate": "2024-10-31" + }, + "94e08d5a-a6a7-41c5-bb4d-6f4087cdb552": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "79bd9478-9894-4835-8ca3-65bfcdb605f1", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "9628aabc-6757-4def-af38-b56626c5b9ec": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26458", + "packageRef": "4228ee88-50ce-4578-bcc5-5c113e868b7f", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00212, + "percentile": 0.43844, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.78Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "9b3440a0-761c-4769-bd32-53373823e4c4": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-9192", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-02-03T10:13:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00363, + "percentile": 0.577, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T18:29:00.34Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "score": 2.8 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-02-26T18:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "9b7c961c-1ad5-4ea2-9e8a-8b5d31cfeac2": { + "cvssScore": { + "score": 4, + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + "disclosureDate": "2011-03-02", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2010-4756", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00373, + "percentile": 0.58323, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "score": 4, + "exploitability_score": 8, + "impact_score": 2.9 + }, + "publicationDate": "2011-03-02T20:00:01.037Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2011-03-02T20:00:00Z", + "severity": "low" + }, + "vulndb": { + "publicationDate": "2010-10-07T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "9fd0028b-c08b-42a9-9234-3a6e0401dc98": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + }, + "disclosureDate": "2025-09-10", + "exploitable": false, + "mainProvider": "nvd", + "name": "CVE-2025-9714", + "packageRef": "6e0a16a8-de83-4236-92a5-7ca2d4870a15", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00014, + "percentile": 0.0185, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2025-09-10T19:15:42.707Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2025-09-02T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2025-09-10T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2022-07-28T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "medium", + "solutionDate": "2022-08-17" + }, + "a621a7ee-9dfe-4a7b-b2cc-49d56b91c44f": { + "cvssScore": { + "score": 3.7, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2019-11-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-3374", + "packageRef": "9fce136a-0206-48f6-bae4-3ba72af35435", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.0155, + "percentile": 0.80808, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7, + "exploitability_score": 2.2, + "impact_score": 1.4 + }, + "publicationDate": "2019-11-26T00:15:11.03Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-11-26T00:15:00Z", + "severity": "critical" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "score": 7.6 + }, + "publicationDate": "2011-09-22T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "a6ffaad7-ce49-4fcb-b358-33e4d343622a": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2020-01-31", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-4116", + "packageRef": "b165b195-61ea-4aa3-872f-bc249bbe9bf3", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00205, + "percentile": 0.42893, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2020-01-31T18:15:11.343Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2020-01-31T18:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:P", + "score": 5.4 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "a903f3f7-72e9-47c7-8142-c3f33ee76842": { + "cvssScore": { + "score": 2.5, + "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2025-05-27", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2025-5278", + "packageRef": "bf4e7de7-0d97-45cd-bef0-45de73dc4999", + "providersMetadata": { + "amazon": { + "publicationDate": "2025-09-15T23:14:00Z" + }, + "euleros": { + "publicationDate": "2025-08-09T09:05:17Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05332, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-05-27T21:15:23.197Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "score": 4.4 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "score": 4.4 + }, + "publicationDate": "2025-05-27T00:00:00Z", + "severity": "medium" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "score": 4.4 + }, + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2025-05-27T21:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "score": 2.5 + }, + "publicationDate": "2025-05-20T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "af2d447a-5fa4-4759-94b4-87a00860763b": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010022", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00145, + "percentile": 0.35541, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8, + "exploitability_score": 3.9, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.317Z", + "severity": "critical" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2019-03-20T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2013-06-02T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "b46490a9-2faa-4014-969f-796ac5813360": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010022", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00145, + "percentile": 0.35541, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8, + "exploitability_score": 3.9, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.317Z", + "severity": "critical" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2019-03-20T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2013-06-02T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "b50edb69-c04b-492b-af6c-eb1db603c37d": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26461", + "packageRef": "1e98b723-f7ef-4768-8573-e6839cddfecc", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00063, + "percentile": 0.20132, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.82Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "critical" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "b9721b5d-dd2d-4f25-a92d-7c6aec9ead0e": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + }, + "disclosureDate": "2017-12-18", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2017-17740", + "packageRef": "be31966e-4048-4b95-8e8b-dfc0c311dda3", + "providersMetadata": { + "euleros": { + "publicationDate": "2017-09-12T15:10:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.02838, + "percentile": 0.85704, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2017-12-18T06:29:00.397Z", + "severity": "high" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2017-10-20T00:00:00Z", + "severity": "medium" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2017-12-18T06:29:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "score": 5.4 + }, + "publicationDate": "2017-10-20T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "c0c64273-4b2a-4e12-89d3-4baabdb0f7f4": { + "cvssScore": { + "score": 8.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010023", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "euleros": { + "publicationDate": "2019-07-15T08:15:13Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00722, + "percentile": 0.71731, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 8.8, + "exploitability_score": 2.8, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.397Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "c1bb9379-0ecf-4988-83cd-0259b416d83a": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010025", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00228, + "percentile": 0.45645, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.537Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 2.9 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "score": 3.1 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "c32b25f0-8d1a-4e4c-9df8-1819dd600d78": { + "cvssScore": { + "score": 3.7, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2019-11-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-3374", + "packageRef": "4912ec38-47b5-4d7f-bd2b-a3886ca9cd40", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.0155, + "percentile": 0.80808, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7, + "exploitability_score": 2.2, + "impact_score": 1.4 + }, + "publicationDate": "2019-11-26T00:15:11.03Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-11-26T00:15:00Z", + "severity": "critical" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "score": 7.6 + }, + "publicationDate": "2011-09-22T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "c3e3a4cb-d018-4c3e-a37a-64359a839540": { + "cvssScore": { + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "disclosureDate": "2022-02-21", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-0563", + "packageRef": "06a6272c-0ee5-4be0-8bd2-a812d2a5ccf9", + "providersMetadata": { + "amazon": { + "publicationDate": "2022-12-01T20:32:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "bottlerocket": { + "severity": "medium" + }, + "euleros": { + "publicationDate": "2024-05-31T16:58:14Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00025, + "percentile": 0.05434, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "gentoo": { + "publicationDate": "2024-01-07T08:30:19.701387Z", + "severity": "medium" + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5, + "exploitability_score": 1.8, + "impact_score": 3.6 + }, + "publicationDate": "2022-02-21T19:15:08.393Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "publicationDate": "2022-02-14T11:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2022-02-21T19:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 4.7 + }, + "publicationDate": "2022-02-14T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible", + "solutionDate": "2022-02-14" + }, + "c905d112-14c4-4aa0-8b5a-9ca75c0baf31": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2017-04-05", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2015-9019", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "providersMetadata": { + "euleros": { + "publicationDate": "2017-04-06T01:59:00Z", + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00984, + "percentile": 0.76049, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2017-04-05T21:59:00.147Z", + "severity": "medium" + }, + "opensuse": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "score": 4 + }, + "publicationDate": "2015-11-20T00:00:00Z", + "severity": "low" + }, + "suse": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2017-04-05T21:59:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "score": 5 + }, + "publicationDate": "2015-11-20T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "cdd687a1-8e35-471a-816e-9e41b4ded774": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-20796", + "packageRef": "6542a4e5-f297-41d0-bba0-0a33e4214147", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-01-20T10:12:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.01835, + "percentile": 0.82297, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T02:29:00.45Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "score": 5.3 + }, + "publicationDate": "2019-01-20T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-02-26T02:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2018-09-12T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "cf8d10df-1b2f-492e-a68b-7623f8d98014": { + "cvssScore": { + "score": 4.9, + "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "version": "2.0" + }, + "disclosureDate": "2007-10-28", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2007-5686", + "packageRef": "b6505d4b-43a9-4a8f-afe8-1a7265c17021", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00153, + "percentile": 0.36682, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "score": 4.9, + "exploitability_score": 3.9, + "impact_score": 6.9 + }, + "publicationDate": "2007-10-28T17:08:00Z", + "severity": "medium" + }, + "vulndb": { + "publicationDate": "2007-10-11T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "d5104e8a-4cc8-422e-bc81-b9508b31cd51": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-08-08", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2025-8732", + "packageRef": "6e0a16a8-de83-4236-92a5-7ca2d4870a15", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00007, + "percentile": 0.00413, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-08-08T17:15:30.583Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3 + }, + "publicationDate": "2025-08-08T16:32:06.99Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2025-08-08T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-07-25T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "d7600603-ed17-427d-9c4a-d82ec8a7833c": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-9192", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-02-03T10:13:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00363, + "percentile": 0.577, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T18:29:00.34Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "score": 2.8 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2019-02-26T18:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2019-02-26T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "d790c3e3-8fde-46de-865c-7c1739261421": { + "cvssScore": { + "score": 4, + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + "disclosureDate": "2011-03-02", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2010-4756", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00373, + "percentile": 0.58323, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "score": 4, + "exploitability_score": 8, + "impact_score": 2.9 + }, + "publicationDate": "2011-03-02T20:00:01.037Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2011-03-02T20:00:00Z", + "severity": "low" + }, + "vulndb": { + "publicationDate": "2010-10-07T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "d7d19b16-e0a1-4692-a919-ad1348e696e5": { + "cvssScore": { + "score": 4.7, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + }, + "disclosureDate": "2017-09-05", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2017-14159", + "packageRef": "be31966e-4048-4b95-8e8b-dfc0c311dda3", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00113, + "percentile": 0.30663, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "score": 4.7, + "exploitability_score": 1, + "impact_score": 3.6 + }, + "publicationDate": "2017-09-05T18:29:00.133Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "score": 4.4 + }, + "publicationDate": "2017-07-28T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2017-09-05T18:29:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N", + "score": 1.2 + }, + "publicationDate": "2017-07-28T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "dbda6c16-f9ae-4b7a-a123-fc8e60771789": { + "cvssScore": { + "score": 7.8, + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-08-13", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-8941", + "packageRef": "94aae9b4-ef6c-46ee-ac3e-4809cbbe9f1d", + "providersMetadata": { + "alibaba": { + "severity": "high" + }, + "almalinux": { + "publicationDate": "2025-09-03T00:00:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00027, + "percentile": 0.05884, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-08-13T15:15:41.873Z" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + }, + "rocky": { + "publicationDate": "2025-09-08T14:19:01Z" + }, + "ubuntu": { + "publicationDate": "2025-08-13T15:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-08-13T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "dc32fad2-c96e-4739-80da-294707339b1c": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31439", + "packageRef": "9f057c77-836a-4bcd-bb96-eb450f83afc1", + "providersMetadata": { + "amazon": { + "publicationDate": "2024-09-12T18:30:00Z" + }, + "bottlerocket": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00096, + "percentile": 0.27778, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.753Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "dd410b92-43e4-4cab-a75a-688322e1dc89": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010024", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00375, + "percentile": 0.5843, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.473Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "de1f979d-0d18-4115-9143-388d59721a37": { + "cvssScore": { + "score": 3.6, + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-12-26", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2024-56433", + "packageRef": "b6505d4b-43a9-4a8f-afe8-1a7265c17021", + "providersMetadata": { + "azurelinux": { + "severity": "low" + }, + "first.org": { + "epssScore": { + "score": 0.03604, + "percentile": 0.87309, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-12-26T09:15:07.267Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "score": 3.6 + }, + "publicationDate": "2024-12-26T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2024-12-26T09:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "score": 3.6 + }, + "publicationDate": "2024-12-22T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "low" + }, + "df7ae259-5cdc-4577-acc5-9f22706358e1": { + "cvssScore": { + "score": 8.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010023", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "euleros": { + "publicationDate": "2019-07-15T08:15:13Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.00722, + "percentile": 0.71731, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 8.8, + "exploitability_score": 2.8, + "impact_score": 5.9 + }, + "publicationDate": "2019-07-15T04:15:13.397Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "dfbadbf9-6e11-45f1-a332-17bbf2ef32d1": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010024", + "packageRef": "be2019ea-33c1-4488-a72b-73f0495354c6", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00375, + "percentile": 0.5843, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.473Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 3.7 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "e2011c93-495f-464a-93d5-e0e173390b45": { + "cvssScore": { + "score": 3.3, + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "version": "2.0" + }, + "disclosureDate": "2013-10-28", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2013-4392", + "packageRef": "816f007a-9469-419b-8c38-de1c3cecb37d", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00067, + "percentile": 0.21286, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "score": 3.3, + "exploitability_score": 3.4, + "impact_score": 4.9 + }, + "publicationDate": "2013-10-28T22:55:03.773Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "score": 3.3 + }, + "publicationDate": "2013-09-23T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2013-10-28T22:55:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2012-09-20T05:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "e30fb5d9-b497-49f8-8299-88bc021ba8f8": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-06-16", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-6141", + "packageRef": "1e54a742-6808-4e2b-baad-c87cb7b8605d", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00019, + "percentile": 0.03543, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-06-16T22:16:41.527Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3 + }, + "publicationDate": "2025-06-16T22:00:17.088Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2025-06-16T22:16:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-03-24T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "e714addb-59d7-41c2-acdc-aced15d0cbdc": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-06-16", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-6141", + "packageRef": "3fee61e3-25a1-48c6-91f1-389523bb4c6c", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00019, + "percentile": 0.03543, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-06-16T22:16:41.527Z" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3 + }, + "publicationDate": "2025-06-16T22:00:17.088Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2025-06-16T22:16:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-03-24T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "e9409214-1545-4c74-b291-747b694a5890": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2019-07-15", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2019-1010025", + "packageRef": "b665cc59-0197-46b3-9a0c-f23e4a22cb84", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00228, + "percentile": 0.45645, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2019-07-15T04:15:13.537Z", + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "score": 2.9 + }, + "publicationDate": "2019-07-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2019-07-15T04:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "score": 3.1 + }, + "publicationDate": "2018-02-16T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "e95ec963-146c-4f46-8b9b-46ff22e818ba": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + }, + "disclosureDate": "2018-01-16", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-5709", + "packageRef": "9594165a-0f03-480f-9683-16af7fd2032c", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00463, + "percentile": 0.63394, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2018-01-16T09:29:00.5Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "score": 6.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "negligible" + }, + "ubuntu": { + "publicationDate": "2018-01-16T09:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "score": 9.3 + }, + "publicationDate": "2018-01-15T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "eb2069eb-8446-4f01-a01f-f98614da59bf": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2019-02-26", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2018-20796", + "packageRef": "ffd8a4c3-b887-4429-b32e-f32a80b64eba", + "providersMetadata": { + "azurelinux": { + "severity": "high" + }, + "euleros": { + "publicationDate": "2019-01-20T10:12:00Z", + "severity": "high" + }, + "first.org": { + "epssScore": { + "score": 0.01835, + "percentile": 0.82297, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5, + "exploitability_score": 3.9, + "impact_score": 3.6 + }, + "publicationDate": "2019-02-26T02:29:00.45Z", + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.0", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "score": 5.3 + }, + "publicationDate": "2019-01-20T00:00:00Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2019-02-26T02:29:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2018-09-12T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "eb808ff2-b45f-4614-82c7-6e1930f877ab": { + "cvssScore": { + "score": 4.9, + "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "version": "2.0" + }, + "disclosureDate": "2007-10-28", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2007-5686", + "packageRef": "06d0987c-027a-48bb-bc79-04f4e8c3a179", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00153, + "percentile": 0.36682, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "score": 4.9, + "exploitability_score": 3.9, + "impact_score": 6.9 + }, + "publicationDate": "2007-10-28T17:08:00Z", + "severity": "medium" + }, + "vulndb": { + "publicationDate": "2007-10-11T00:00:00Z" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "ec94f263-eb47-4984-bc73-7b09e8754747": { + "cvssScore": { + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-07-10", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-7425", + "packageRef": "56032e00-b2c3-4782-8a7c-1083739e7372", + "providersMetadata": { + "alibaba": { + "severity": "high" + }, + "almalinux": { + "publicationDate": "2025-07-31T00:00:00Z", + "severity": "high" + }, + "amazon": { + "publicationDate": "2025-08-18T23:13:00Z" + }, + "first.org": { + "epssScore": { + "score": 0.00027, + "percentile": 0.05894, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-07-10T14:15:27.877Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "score": 7.8 + }, + "publicationDate": "2025-07-10T00:00:00Z", + "severity": "high" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "score": 7.8 + }, + "severity": "high" + }, + "ubuntu": { + "publicationDate": "2025-07-10T14:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "publicationDate": "2025-07-09T00:00:00Z", + "severity": "high" + } + }, + "riskAcceptRefs": null, + "severity": "high" + }, + "ef36a481-d41a-4779-898c-53d7b2d11596": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "disclosureDate": "2023-02-23", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2022-3219", + "packageRef": "94e8e8d0-52b5-4104-a547-75180d6eaf24", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00013, + "percentile": 0.0141, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2023-02-23T20:15:12.393Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 6.2 + }, + "publicationDate": "2022-09-15T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2023-02-23T20:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2022-05-22T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "fb0ed0be-1325-4ba7-9289-f6b565991fba": { + "cvssScore": { + "score": 0, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.0" + }, + "disclosureDate": "2024-02-29", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2024-26458", + "packageRef": "58270767-3784-4f00-83a5-1fe7f84fd491", + "providersMetadata": { + "alibaba": { + "severity": "medium" + }, + "almalinux": { + "publicationDate": "2024-11-12T00:00:00Z", + "severity": "medium" + }, + "amazon": { + "publicationDate": "2024-04-10T22:17:00Z" + }, + "azurelinux": { + "severity": "medium" + }, + "first.org": { + "epssScore": { + "score": 0.00212, + "percentile": 0.43844, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2024-02-29T01:44:18.78Z" + }, + "opensuse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "oracle": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "severity": "medium" + }, + "rhel": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 5.9 + }, + "publicationDate": "2024-02-28T00:00:00Z", + "severity": "low" + }, + "rocky": { + "publicationDate": "2024-06-14T13:59:16Z" + }, + "suse": { + "cvssScore": { + "version": "3.1", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "score": 7.5 + }, + "severity": "high" + }, + "ubuntu": { + "publicationDate": "2024-02-29T01:44:00Z", + "severity": "negligible" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "score": 0 + }, + "publicationDate": "2024-02-15T00:00:00Z", + "severity": "negligible" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "fd9a7a3b-992d-4ba2-8e30-91efcf74b91c": { + "cvssScore": { + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2020-01-31", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2011-4116", + "packageRef": "14c06965-a92f-4fe0-93d8-fdbe501fe202", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00205, + "percentile": 0.42893, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 3.3, + "exploitability_score": 1.8, + "impact_score": 1.4 + }, + "publicationDate": "2020-01-31T18:15:11.343Z", + "severity": "low" + }, + "rhel": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "score": 1.9 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "low" + }, + "ubuntu": { + "publicationDate": "2020-01-31T18:15:00Z", + "severity": "low" + }, + "vulndb": { + "cvssScore": { + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:P", + "score": 5.4 + }, + "publicationDate": "2011-06-27T00:00:00Z", + "severity": "medium" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + }, + "fe5081d2-ffbd-494e-99a6-b15540e07006": { + "cvssScore": { + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + }, + "disclosureDate": "2025-09-08", + "exploitable": false, + "mainProvider": "vulndb", + "name": "CVE-2025-7709", + "packageRef": "99d218e2-3280-47e5-92ca-fbab20292b7f", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00047, + "percentile": 0.14089, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "publicationDate": "2025-09-08T15:15:38.18Z" + }, + "ubuntu": { + "publicationDate": "2025-09-08T15:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "score": 9.8 + }, + "publicationDate": "2025-07-15T00:00:00Z", + "severity": "critical" + } + }, + "riskAcceptRefs": null, + "severity": "critical", + "solutionDate": "2025-07-17" + }, + "fe52c8b8-2aa5-4369-86b3-a38ccf269c92": { + "cvssScore": { + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "disclosureDate": "2023-06-13", + "exploitable": false, + "mainProvider": "debian", + "name": "CVE-2023-31438", + "packageRef": "9f057c77-836a-4bcd-bb96-eb450f83afc1", + "providersMetadata": { + "first.org": { + "epssScore": { + "score": 0.00103, + "percentile": 0.28907, + "timestamp": "2025-09-30T00:00:00Z" + } + }, + "nvd": { + "cvssScore": { + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "score": 5.3, + "exploitability_score": 3.9, + "impact_score": 1.4 + }, + "publicationDate": "2023-06-13T17:15:14.707Z", + "severity": "medium" + }, + "ubuntu": { + "publicationDate": "2023-06-13T17:15:00Z", + "severity": "medium" + }, + "vulndb": { + "cvssScore": { + "version": "3.0", + "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "score": 2.5 + }, + "publicationDate": "2023-06-09T00:00:00Z", + "severity": "low" + } + }, + "riskAcceptRefs": null, + "severity": "negligible" + } + } + } +} From 5710ee87477cf1691fb9c069cac7056c80740f6d Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Wed, 1 Oct 2025 14:20:22 +0200 Subject: [PATCH 4/4] ci: test multiple base images to verify the domain model works correctly --- Cargo.lock | 105 ++++++++++++++++++++++++++++++ Cargo.toml | 1 + src/infra/sysdig_image_scanner.rs | 98 ++++++++++++++-------------- 3 files changed, 155 insertions(+), 49 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e9e55b8..ec7ae6e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -546,6 +546,12 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" +[[package]] +name = "futures-timer" +version = "3.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24" + [[package]] name = "futures-util" version = "0.3.31" @@ -593,6 +599,12 @@ version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + [[package]] name = "h2" version = "0.4.12" @@ -1349,6 +1361,15 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "proc-macro-crate" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983" +dependencies = [ + "toml_edit", +] + [[package]] name = "proc-macro2" version = "1.0.101" @@ -1471,6 +1492,12 @@ version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001" +[[package]] +name = "relative-path" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba39f3699c378cd8970968dcbff9c43159ea4cfbd88d43c00b22f2ef10a435d2" + [[package]] name = "reqwest" version = "0.12.23" @@ -1525,12 +1552,50 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rstest" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f5a3193c063baaa2a95a33f03035c8a72b83d97a54916055ba22d35ed3839d49" +dependencies = [ + "futures-timer", + "futures-util", + "rstest_macros", +] + +[[package]] +name = "rstest_macros" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c845311f0ff7951c5506121a9ad75aec44d083c31583b2ea5a30bcb0b0abba0" +dependencies = [ + "cfg-if", + "glob", + "proc-macro-crate", + "proc-macro2", + "quote", + "regex", + "relative-path", + "rustc_version", + "syn", + "unicode-ident", +] + [[package]] name = "rustc-demangle" version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "rustix" version = "1.1.2" @@ -1895,6 +1960,7 @@ dependencies = [ "rand", "regex", "reqwest", + "rstest", "semver", "serde", "serde_json", @@ -2087,6 +2153,36 @@ dependencies = [ "tokio", ] +[[package]] +name = "toml_datetime" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1" +dependencies = [ + "serde_core", +] + +[[package]] +name = "toml_edit" +version = "0.23.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3effe7c0e86fdff4f69cdd2ccc1b96f933e24811c5441d44904e8683e27184b" +dependencies = [ + "indexmap 2.11.4", + "toml_datetime", + "toml_parser", + "winnow", +] + +[[package]] +name = "toml_parser" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627" +dependencies = [ + "winnow", +] + [[package]] name = "tower" version = "0.4.13" @@ -2712,6 +2808,15 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" +[[package]] +name = "winnow" +version = "0.7.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf" +dependencies = [ + "memchr", +] + [[package]] name = "wit-bindgen" version = "0.46.0" diff --git a/Cargo.toml b/Cargo.toml index 37dfd8f..d3ad9cc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,5 +36,6 @@ tracing-subscriber = "0.3.19" [dev-dependencies] itertools = "0.14.0" lazy_static = "1.5.0" +rstest = "0.26.1" tracing-subscriber = { version = "0.3.19", features = ["fmt", "env-filter"] } tracing-test = "0.2.5" diff --git a/src/infra/sysdig_image_scanner.rs b/src/infra/sysdig_image_scanner.rs index fb3329d..8ac8eba 100644 --- a/src/infra/sysdig_image_scanner.rs +++ b/src/infra/sysdig_image_scanner.rs @@ -140,67 +140,67 @@ fn deserialize_with_debug(json_bytes: &[u8]) -> Result SysdigImageScanner { + let sysdig_secure_url: String = std::env::var("SECURE_API_URL").expect("SECURE_API_URL env var not set"); - static ref SYSDIG_SECURE_TOKEN: SysdigAPIToken = + let sysdig_secure_token: SysdigAPIToken = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").expect("SECURE_API_TOKEN not set")); + SysdigImageScanner::new(sysdig_secure_url.clone(), sysdig_secure_token.clone()) } + #[rstest] + #[case("ubuntu:22.04")] + #[case("ubuntu@sha256:a76d0e9d99f0e91640e35824a6259c93156f0f07b7778ba05808c750e7fa6e68")] + #[case("debian:11")] + #[case("alpine:3.16")] + #[case("centos:7")] + #[case("nginx:1.23")] + #[case("postgres:14")] + #[case("mysql:8.0")] + #[case("node:18")] + #[case("python:3.13")] + #[case("golang:1.25")] + #[case("rust:1.88")] + #[case("quay.io/prometheus/prometheus:v2.40.1")] + #[case("registry.access.redhat.com/ubi8/ubi:latest")] + #[case("gcr.io/distroless/static-debian12")] + #[case("gcr.io/distroless/base-debian12")] + #[case("amazonlinux:2")] + #[case("mongo:5.0")] + #[case("quay.io/sysdig/agent-slim:latest")] + #[case("openjdk:11-jre-slim")] + #[case("quay.io/sysdig/sysdig-ubi9:1")] + #[serial_test::file_serial(scanner)] #[tokio::test] - async fn it_retrieves_the_scanner_from_the_specified_version() { - let scanner = - SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone()); - - let report = scanner.scan("ubuntu:22.04").await.unwrap(); - - assert_eq!(report.scanner.name, "sysdig-cli-scanner"); - assert_eq!(report.result.metadata.pull_string, "ubuntu:22.04"); - } - - #[tokio::test] - async fn it_scans_the_ubuntu_image_correctly() { - let scanner = - SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone()); - - let report = scanner - .scan_image( - "ubuntu@sha256:a76d0e9d99f0e91640e35824a6259c93156f0f07b7778ba05808c750e7fa6e68", - ) - .await - .unwrap(); + async fn it_scans_popular_images_correctly_test( + scanner: SysdigImageScanner, + #[case] image_to_scan: &str, + ) { + use crate::app::ImageScanner; - assert_eq!( - report.metadata().pull_string(), - "ubuntu@sha256:a76d0e9d99f0e91640e35824a6259c93156f0f07b7778ba05808c750e7fa6e68" - ); + let report = scanner.scan_image(image_to_scan).await.unwrap(); - assert!(!report.layers().is_empty()); - assert!(!report.vulnerabilities().is_empty()); + assert_eq!(report.metadata().pull_string(), image_to_scan); assert!(!report.packages().is_empty()); - assert!(report.evaluation_result().is_failed()); - } - - #[test] - #[traced_test] - fn it_logs_invalid_json_on_deserialization_error() { - let invalid_json = b"{\"foo\": \"bar\"}"; - - let result = deserialize_with_debug(invalid_json); - assert!(result.is_err()); - assert!(logs_contain( - "Failed to deserialize scanner output. Raw JSON: {\"foo\": \"bar\"}" - )); + assert!(!report.layers().is_empty()); } }