Cosign 1.*.* branch #7126
GarrykZ
started this conversation in
False Detection
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
IDs
CVE-2022-36056, CVE-2022-35929, CVE-2022-23649
Description
These CVEs is valid for cosign version 1, but also appearing if using cosign v2.
I'm using cosign 2.2.4 in alpine 3.18, installed by apk-file from vendor.
There is some proofs:
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Target OS
Alpine 3.18.7 x86-64
Debug Output
Can't do it with trivy-server
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correctBeta Was this translation helpful? Give feedback.
All reactions