marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: add Snyk scans to docs (#9856)

Browse Source 
* chore: generate Snyk reports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

dashboard

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

cron job

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

more consistent formatting

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

clarification

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif files

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

fix naming, fix doc get text

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

blarn

Signed-off-by: CI <michael@crenshaw.dev>

ignore errors due to vulns

Signed-off-by: CI <michael@crenshaw.dev>

specify target branch in script

Signed-off-by: CI <michael@crenshaw.dev>

don't checkout before running script

Signed-off-by: CI <michael@crenshaw.dev>

make sure dest dir exists

Signed-off-by: CI <michael@crenshaw.dev>

fix workflow

Signed-off-by: CI <michael@crenshaw.dev>

* update scans

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* use latest ignore rules

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports, add link to latest, push to master instead of stable

Signed-off-by: CI <michael@crenshaw.dev>

* fix for double-digit patch versions

Signed-off-by: CI <michael@crenshaw.dev>

* clean up testing changes

Signed-off-by: CI <michael@crenshaw.dev>
This commit is contained in:
Michael Crenshaw
2022-07-27 17:15:00 -04:00
committed by GitHub
parent a329416788
commit e3940cd2bf
37 changed files with 76570 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.github/workflows/image.yaml vendored
View File

@@ -58,10 +58,22 @@ jobs:
run: |
npm install -g snyk
# Run with high threshold to fail build.
snyk test --org=argoproj --all-projects --exclude=docs,site --severity-threshold=high --policy-path=.snyk
snyk iac test manifests/install.yaml --org=argoproj --severity-threshold=high --policy-path=.snyk
./hack/snyk-non-container-tests.sh
- uses: github/codeql-action/upload-sarif@v1
if: github.event_name == 'push'
with:
category: Snyk code scan
sarif_file: /tmp/argocd-test.sarif
- uses: github/codeql-action/upload-sarif@v1
if: github.event_name == 'push'
with:
category: Snyk IaC scan for cluster install manifests
sarif_file: /tmp/argocd-iac-test-install.sarif
- uses: github/codeql-action/upload-sarif@v1
if: github.event_name == 'push'
with:
category: Snyk IaC scan for namespace install manifests
sarif_file: /tmp/argocd-iac-test-namespace-install.sarif
- run: |
IMAGE_PLATFORMS=linux/amd64
if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
@@ -74,13 +86,18 @@ jobs:
-t quay.io/argoproj/argocd:latest .
working-directory: ./src/github.com/argoproj/argo-cd
- name: Run container Snyk scan
- name: Run container Snyk scans
if: github.event_name == 'push'
working-directory: ./src/github.com/argoproj/argo-cd
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk container test quay.io/argoproj/argocd:latest --org=argoproj --file=Dockerfile --severity-threshold=high
make snyk-container-tests
- uses: github/codeql-action/upload-sarif@v1
if: github.event_name == 'push'
with:
category: Snyk scan for Argo CD image
sarif_file: /tmp/argocd-image.sarif
# deploy
- run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"

24
.github/workflows/update-snyk.yaml vendored Normal file
View File

@@ -0,0 +1,24 @@
name: Snyk report update
on:
schedule:
- cron: '0 0 * * 0' # midnight every Sunday
jobs:
snyk-report:
name: Update Snyk report in the docs directory
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Build reports
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
make snyk-report
git config --global user.email 'ci@argoproj.com'
git config --global user.name 'CI'
git add docs/snyk/index.md
git add docs/snyk/*/*.html
git commit -m "[Bot] Update Snyk reports"
git push

12
Makefile
View File

@@ -571,3 +571,15 @@ applicationset-controller:
.PHONY: checksums
checksums:
for f in ./dist/$(BIN_NAME)-*; do openssl dgst -sha256 "$$f" | awk ' { print $$2 }' > "$$f".sha256 ; done
.PHONY: snyk-container-tests
snyk-container-tests:
./hack/snyk-container-tests.sh
.PHONY: snyk-non-container-tests
snyk-non-container-tests:
./hack/snyk-non-container-tests.sh
.PHONY: snyk-report
snyk-report:
./hack/snyk-report.sh $(target_branch)

51
docs/snyk/index.md Normal file
View File

@@ -0,0 +1,51 @@
# Snyk Scans
Every Sunday, Snyk scans are generated for Argo CD's `master` branch and the most recent patches of the three most
recent minor releases.
!!! note
For the most recent scans, view the [`latest` version of the docs](https://argo-cd.readthedocs.io/en/latest/snyk/).
You can return to your preferred version of the docs site using the dropdown selector at the top of the page.
## Scans
### master
* [dependencies (golang and JavaScript)](master/argocd-test.html) — go.mod: 0 critical, 1 high, 2 medium, 0 low; ui/yarn.lock: 0 critical, 1 high, 1 medium, 0 low
* [(image) ghcr.io/dexidp/dex:v2.32.0](master/ghcr.io_dexidp_dex:v2.32.0.html) — 0 critical, 2 high, 0 medium, 0 low
* [(image) haproxy:2.0.29-alpine](master/haproxy:2.0.29-alpine.html) — 0 critical, 0 high, 0 medium, 0 low
* [(image) quay.io/argoproj/argocd:latest](master/quay.io_argoproj_argocd:latest.html) — 0 critical, 0 high, 3 medium, 17 low
* [(image) redis:7.0.4-alpine](master/redis:7.0.4-alpine.html) — 0 critical, 0 high, 0 medium, 0 low
* [(IaC) manifests/install.yaml](master/argocd-iac-install.html)
* [(IaC) manifests/namespace-install.yaml](master/argocd-iac-namespace-install.html)
### v2.4.7
* [dependencies (golang and JavaScript)](v2.4.7/argocd-test.html) — go.mod: 0 critical, 1 high, 3 medium, 0 low; ui/yarn.lock: 0 critical, 2 high, 1 medium, 0 low
* [(image) ghcr.io/dexidp/dex:v2.30.2](v2.4.7/ghcr.io_dexidp_dex:v2.30.2.html) — 1 critical, 4 high, 0 medium, 1 low
* [(image) haproxy:2.0.25-alpine](v2.4.7/haproxy:2.0.25-alpine.html) — 3 critical, 4 high, 0 medium, 1 low
* [(image) quay.io/argoproj/argocd:v2.4.7](v2.4.7/quay.io_argoproj_argocd:v2.4.7.html) — 0 critical, 0 high, 3 medium, 17 low
* [(image) redis:7.0.0-alpine](v2.4.7/redis:7.0.0-alpine.html) — 0 critical, 2 high, 0 medium, 0 low
* [(IaC) manifests/install.yaml](v2.4.7/argocd-iac-install.html)
* [(IaC) manifests/namespace-install.yaml](v2.4.7/argocd-iac-namespace-install.html)
### v2.3.6
* [dependencies (golang and JavaScript)](v2.3.6/argocd-test.html) — go.mod: 0 critical, 1 high, 3 medium, 0 low; ui/yarn.lock: 1 critical, 10 high, 24 medium, 2 low
* [(image) ghcr.io/dexidp/dex:v2.30.2](v2.3.6/ghcr.io_dexidp_dex:v2.30.2.html) — 1 critical, 4 high, 0 medium, 1 low
* [(image) haproxy:2.0.25-alpine](v2.3.6/haproxy:2.0.25-alpine.html) — 3 critical, 4 high, 0 medium, 1 low
* [(image) quay.io/argoproj/argocd-applicationset:v0.4.1](v2.3.6/quay.io_argoproj_argocd-applicationset:v0.4.1.html) — 0 critical, 4 high, 38 medium, 29 low
* [(image) quay.io/argoproj/argocd:v2.3.6](v2.3.6/quay.io_argoproj_argocd:v2.3.6.html) — 0 critical, 0 high, 4 medium, 17 low
* [(image) redis:6.2.6-alpine](v2.3.6/redis:6.2.6-alpine.html) — 0 critical, 1 high, 0 medium, 0 low
* [(IaC) manifests/install.yaml](v2.3.6/argocd-iac-install.html)
* [(IaC) manifests/namespace-install.yaml](v2.3.6/argocd-iac-namespace-install.html)
### v2.2.11
* [dependencies (golang and JavaScript)](v2.2.11/argocd-test.html) — go.mod: 0 critical, 1 high, 3 medium, 0 low; ui/yarn.lock: 1 critical, 11 high, 32 medium, 2 low
* [(image) ghcr.io/dexidp/dex:v2.30.2](v2.2.11/ghcr.io_dexidp_dex:v2.30.2.html) — 1 critical, 4 high, 0 medium, 1 low
* [(image) haproxy:2.0.25-alpine](v2.2.11/haproxy:2.0.25-alpine.html) — 3 critical, 4 high, 0 medium, 1 low
* [(image) quay.io/argoproj/argocd:v2.2.11](v2.2.11/quay.io_argoproj_argocd:v2.2.11.html) — 0 critical, 0 high, 4 medium, 25 low
* [(image) redis:6.2.6-alpine](v2.2.11/redis:6.2.6-alpine.html) — 0 critical, 1 high, 0 medium, 0 low
* [(IaC) manifests/install.yaml](v2.2.11/argocd-iac-install.html)
* [(IaC) manifests/namespace-install.yaml](v2.2.11/argocd-iac-namespace-install.html)

2243
docs/snyk/master/argocd-iac-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

2243
docs/snyk/master/argocd-iac-namespace-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

4348
docs/snyk/master/argocd-test.html Normal file
View File

File diff suppressed because it is too large Load Diff

717
docs/snyk/master/ghcr.io_dexidp_dex:v2.32.0.html Normal file
View File

@@ -0,0 +1,717 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="2 known vulnerabilities found in 10 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 2:59:16 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">ghcr.io/dexidp/dex:v2.32.0/dexidp/dex (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>10 vulnerable dependency paths</span></div>
<div class="meta-count"><span>14</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|ghcr.io/dexidp/dex</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">ghcr.io/dexidp/dex:v2.32.0/dexidp/dex</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inadequate Encryption Strength</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.16
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto1.1
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.32.0 and openssl/libcrypto1.1@1.1.1o-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant versions.</em></p>
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1q-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://www.openssl.org/news/secadv/20220705.txt">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/">FEDORA</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-2941806">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Use After Free</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.16
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.32.0 and busybox/busybox@1.35.0-r13
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.35.0-r13
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout-data@3.2.0-r20
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.2.0-r20
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.35.0-r13
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.32.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>busybox</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant versions.</em></p>
<p>A use-after-free in Busybox 1.35-x&#39;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.16</code> <code>busybox</code> to version 1.35.0-r15 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=14781">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE316-BUSYBOX-2953070">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

492
docs/snyk/master/haproxy:2.0.29-alpine.html Normal file
View File

@@ -0,0 +1,492 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 2:59:20 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">haproxy:2.0.29-alpine (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>0 vulnerable dependency paths</span></div>
<div class="meta-count"><span>17</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.0.29-alpine</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
No known vulnerabilities detected.
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

2495
docs/snyk/master/quay.io_argoproj_argocd:latest.html Normal file
View File

File diff suppressed because it is too large Load Diff

492
docs/snyk/master/redis:7.0.4-alpine.html Normal file
View File

@@ -0,0 +1,492 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 2:59:46 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">redis:7.0.4-alpine (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>0 vulnerable dependency paths</span></div>
<div class="meta-count"><span>17</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.4-alpine</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
No known vulnerabilities detected.
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

2439
docs/snyk/v2.2.11/argocd-iac-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

2439
docs/snyk/v2.2.11/argocd-iac-namespace-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

8698
docs/snyk/v2.2.11/argocd-test.html Normal file
View File

File diff suppressed because it is too large Load Diff

1291
docs/snyk/v2.2.11/ghcr.io_dexidp_dex:v2.30.2.html Normal file
View File

File diff suppressed because it is too large Load Diff

1375
docs/snyk/v2.2.11/haproxy:2.0.25-alpine.html Normal file
View File

File diff suppressed because it is too large Load Diff

4486
docs/snyk/v2.2.11/quay.io_argoproj_argocd:v2.2.11.html Normal file
View File

File diff suppressed because it is too large Load Diff

651
docs/snyk/v2.2.11/redis:6.2.6-alpine.html Normal file
View File

@@ -0,0 +1,651 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="1 known vulnerabilities found in 9 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 3:05:44 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">redis:6.2.6-alpine (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>9 vulnerable dependency paths</span></div>
<div class="meta-count"><span>17</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:6.2.6-alpine</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inadequate Encryption Strength</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.15
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto1.1
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@6.2.6-alpine and openssl/libcrypto1.1@1.1.1n-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220405.104447
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.7-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
libretls/libretls@3.3.4-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220405.104447
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.7-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
libretls/libretls@3.3.4-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.15</code> relevant versions.</em></p>
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.15</code> <code>openssl</code> to version 1.1.1q-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://www.openssl.org/news/secadv/20220705.txt">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/">FEDORA</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE315-OPENSSL-2941810">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

3263
docs/snyk/v2.3.6/argocd-iac-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

3263
docs/snyk/v2.3.6/argocd-iac-namespace-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

7745
docs/snyk/v2.3.6/argocd-test.html Normal file
View File

File diff suppressed because it is too large Load Diff

1291
docs/snyk/v2.3.6/ghcr.io_dexidp_dex:v2.30.2.html Normal file
View File

File diff suppressed because it is too large Load Diff

1375
docs/snyk/v2.3.6/haproxy:2.0.25-alpine.html Normal file
View File

File diff suppressed because it is too large Load Diff

7714
docs/snyk/v2.3.6/quay.io_argoproj_argocd-applicationset:v0.4.1.html Normal file
View File

File diff suppressed because it is too large Load Diff

2701
docs/snyk/v2.3.6/quay.io_argoproj_argocd:v2.3.6.html Normal file
View File

File diff suppressed because it is too large Load Diff

651
docs/snyk/v2.3.6/redis:6.2.6-alpine.html Normal file
View File

@@ -0,0 +1,651 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="1 known vulnerabilities found in 9 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 3:03:15 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">redis:6.2.6-alpine (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>9 vulnerable dependency paths</span></div>
<div class="meta-count"><span>17</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:6.2.6-alpine</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inadequate Encryption Strength</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.15
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto1.1
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@6.2.6-alpine and openssl/libcrypto1.1@1.1.1n-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220405.104447
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.7-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
libretls/libretls@3.3.4-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220405.104447
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.7-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@6.2.6-alpine
<span class="list-paths__item__arrow"></span>
libretls/libretls@3.3.4-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1n-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.15</code> relevant versions.</em></p>
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.15</code> <code>openssl</code> to version 1.1.1q-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://www.openssl.org/news/secadv/20220705.txt">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/">FEDORA</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE315-OPENSSL-2941810">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

2243
docs/snyk/v2.4.7/argocd-iac-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

2243
docs/snyk/v2.4.7/argocd-iac-namespace-install.html Normal file
View File

File diff suppressed because it is too large Load Diff

3488
docs/snyk/v2.4.7/argocd-test.html Normal file
View File

File diff suppressed because it is too large Load Diff

1291
docs/snyk/v2.4.7/ghcr.io_dexidp_dex:v2.30.2.html Normal file
View File

File diff suppressed because it is too large Load Diff

1375
docs/snyk/v2.4.7/haproxy:2.0.25-alpine.html Normal file
View File

File diff suppressed because it is too large Load Diff

2495
docs/snyk/v2.4.7/quay.io_argoproj_argocd:v2.4.7.html Normal file
View File

File diff suppressed because it is too large Load Diff

739
docs/snyk/v2.4.7/redis:7.0.0-alpine.html Normal file
View File

@@ -0,0 +1,739 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="2 known vulnerabilities found in 12 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 3:01:14 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">redis:7.0.0-alpine (apk)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>12 vulnerable dependency paths</span></div>
<div class="meta-count"><span>17</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.0-alpine</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inadequate Encryption Strength</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.16
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto1.1
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@7.0.0-alpine and openssl/libcrypto1.1@1.1.1o-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220525.220540
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20220525.220540
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.12.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl1.1@1.1.1o-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant versions.</em></p>
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1q-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://www.openssl.org/news/secadv/20220705.txt">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">CONFIRM</a></li>
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/">FEDORA</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-2941806">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Use After Free</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.16
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@7.0.0-alpine and busybox/busybox@1.35.0-r13
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.35.0-r13
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout-data@3.2.0-r20
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.2.0-r20
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.35.0-r13
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.0.0-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.35.0-r13
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>busybox</code> package.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant versions.</em></p>
<p>A use-after-free in Busybox 1.35-x&#39;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.16</code> <code>busybox</code> to version 1.35.0-r15 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=14781">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE316-BUSYBOX-2953070">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>

26
hack/snyk-container-tests.sh Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -e
set -o pipefail
images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml manifests/ha/install.yaml | sed 's/.*image: //' | sort | uniq)
failed=false
while IFS= read -r image; do
extra_args=""
if echo "$image" | grep "argocd"; then
# Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
extra_args="--file=Dockerfile --sarif-file-output=/tmp/argocd-image.sarif"
fi
set -x
if ! snyk container test "$image" --org=argoproj --severity-threshold=high $extra_args; then
failed=true
fi
set +x
done <<< "$images"
if [ "$failed" == "true" ]; then
exit 1
fi

9
hack/snyk-non-container-tests.sh Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
set -e
set -o pipefail
# Fail on high-or-greater vulnerabilities.
snyk test --all-projects --exclude=docs,site,ui-test --org=argoproj --severity-threshold=high --policy-path=.snyk --sarif-file-output=/tmp/argocd-test.sarif
snyk iac test manifests/install.yaml --org=argoproj --severity-threshold=high --policy-path=.snyk --sarif-file-output=/tmp/argocd-iac-test-install.sarif
snyk iac test manifests/namespace-install.yaml --org=argoproj --severity-threshold=high --policy-path=.snyk --sarif-file-output=/tmp/argocd-iac-test-namespace-install.sarif

136
hack/snyk-report.sh Executable file
View File

@@ -0,0 +1,136 @@
#!/usr/bin/env bash
set -e
set -o pipefail
npm install snyk-to-html -g
# Choose the branch where docs changes will actually be written.
target_branch="$1"
if [ "$target_branch" != "" ]; then
git checkout "$target_branch"
fi
# In case the directory doesn't exist in the target branch.
mkdir -p docs/snyk
# Clear the docs directory in case we need to delete an old version.
rm -rf docs/snyk/*
cat > docs/snyk/index.md <<- EOM
# Snyk Scans
Every Sunday, Snyk scans are generated for Argo CD's \`master\` branch and the most recent patches of the three most
recent minor releases.
!!! note
For the most recent scans, view the [\`latest\` version of the docs](https://argo-cd.readthedocs.io/en/latest/snyk/).
You can return to your preferred version of the docs site using the dropdown selector at the top of the page.
## Scans
EOM
argocd_dir=$(pwd)
temp_dir=$(mktemp -d)
cd "$temp_dir"
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git checkout master
minor_version=$(sed -E 's/\.[0-9]+$//g' VERSION)
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[[:digit:]]*$" | sort -g | tail -n 1)
version="v$minor_version.$patch_num"
versions="master "
for i in 1 2 3; do
if [ "$version" == "" ]; then break; fi
# Nightmare code to get the most recent patches of the three most recent minor versions.
versions+="$version "
minor_num=$(printf '%s' "$minor_version" | sed -E 's/[0-9]+\.//')
minor_num=$((minor_num-1))
minor_version=$(printf '%s' "$minor_version" | sed -E "s/\.[0-9]+$/.$minor_num/g")
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[[:digit:]]*$" | sort -g | tail -n 1)
version="v$minor_version.$patch_num"
done
for version in $versions; do
printf '\n%s\n\n' "### $version" >> "$argocd_dir/docs/snyk/index.md"
mkdir -p "$argocd_dir/docs/snyk/$version"
git reset --hard # reset any pending changes to avoid checkout errors
git checkout "$version"
# Get the latest ignore rules.
cp "$argocd_dir/.snyk" .snyk
# || [ $? == 1 ] ignores errors due to vulnerabilities.
snyk test --all-projects --exclude=docs,site,ui-test --org=argoproj --policy-path=.snyk --sarif-file-output=/tmp/argocd-test.sarif --json-file-output=/tmp/argocd-test.json || [ $? == 1 ]
snyk-to-html -i /tmp/argocd-test.json -o "$argocd_dir/docs/snyk/$version/argocd-test.html"
printf '%s' "* [dependencies (golang and JavaScript)]($version/argocd-test.html) — " >> "$argocd_dir/docs/snyk/index.md"
jq 'map(
{
# Collect all the vulnerabilities severities. Group by id to avoid double-counting.
severity: (.vulnerabilities | group_by(.id) | map(.[0])[].severity),
displayTargetFile: (.displayTargetFile)
}
)
# Group by target file (e.g. go.mod) so we can see where the vulnerabilities are.
| group_by(.displayTargetFile)
| map(
.[0].displayTargetFile
+ ": \(map(select(.severity == "critical")) | length) critical, "
+ "\(map(select(.severity == "high")) | length) high, "
+ "\(map(select(.severity == "medium")) | length) medium, "
+ "\(map(select(.severity == "low")) | length) low")
| join("; ")' -r /tmp/argocd-test.json >> "$argocd_dir/docs/snyk/index.md"
images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml manifests/ha/install.yaml | sed 's/.*image: //' | sort | uniq)
while IFS= read -r image; do
extra_args=""
if echo "$image" | grep "argocd"; then
# Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
extra_args="--file=Dockerfile --sarif-file-output=/tmp/${image//\//_}.sarif "
fi
set -x
# || [ $? == 1 ] ignores errors due to vulnerabilities.
snyk container test "$image" --org=argoproj "--json-file-output=/tmp/${image//\//_}.json" $extra_args || [ $? == 1 ]
set +x
snyk-to-html -i "/tmp/${image//\//_}.json" -o "$argocd_dir/docs/snyk/$version/${image//\//_}.html"
printf '%s' "* [(image) $image]($version/${image//\//_}.html) — " >> "$argocd_dir/docs/snyk/index.md"
# Add severity counts to index.
jq '[
.vulnerabilities
# Group by ID to avoid double-counting.
| group_by(.id)
# Get the severity of the first vulnerability in the group (should be the same for every item in the group).
| map(.[0])[].severity
# Construct a summary using the counts of each severity level.
] | "\(map(select(. == "critical")) | length) critical, \(map(select(. == "high")) | length) high, \(map(select(. == "medium")) | length) medium, \(map(select(. == "low")) | length) low"' -r "/tmp/${image//\//_}.json" >> "$argocd_dir/docs/snyk/index.md"
done <<< "$images"
# || [ $? == 1 ] ignores errors due to vulnerabilities.
snyk iac test manifests/install.yaml --org=argoproj --policy-path=.snyk --sarif-file-output=/tmp/argocd-iac-install.sarif --json-file-output=/tmp/argocd-iac-install.json || [ $? == 1 ]
snyk-to-html -i /tmp/argocd-iac-install.json -o "$argocd_dir/docs/snyk/$version/argocd-iac-install.html"
echo "* [(IaC) manifests/install.yaml]($version/argocd-iac-install.html)" >> "$argocd_dir/docs/snyk/index.md"
# || [ $? == 1 ] ignores errors due to vulnerabilities.
snyk iac test manifests/namespace-install.yaml --org=argoproj --policy-path=.snyk --sarif-file-output=/tmp/argocd-iac-namespace-install.sarif --json-file-output=/tmp/argocd-iac-namespace-install.json || [ $? == 1 ]
snyk-to-html -i /tmp/argocd-iac-namespace-install.json -o "$argocd_dir/docs/snyk/$version/argocd-iac-namespace-install.html"
echo "* [(IaC) manifests/namespace-install.yaml]($version/argocd-iac-namespace-install.html)" >> "$argocd_dir/docs/snyk/index.md"
done
# clean up
cd "$argocd_dir" # Back to the main argo-cd clone.
rm -rf "$temp_dir"
# regex-escape the temp dir path
dir_r="${temp_dir//\//\\\/}"
# remove temp dir path from Snyk output
sed -i '' "s/$dir_r//g" docs/snyk/*/*.html

4
mkdocs.yml
View File

@@ -32,7 +32,9 @@ nav:
- operator-manual/user-management/openunison.md
- operator-manual/user-management/google.md
- operator-manual/rbac.md
- operator-manual/security.md
- Security:
- Overview: operator-manual/security.md
- snyk/index.md
- operator-manual/tls.md
- operator-manual/cluster-bootstrapping.md
- operator-manual/secret-management.md