CVEs reported against dependencytrack/apiserver #4479
Unanswered. lokesh2019 asked this question in Q&A.
Hello,
We have just run Mend version 24.10.3 against a local deployment of latest Dependency-Track before we deploy it on our local network, and it has reported some CVEs against the Debian packages on `dependencytrack/apiserver` container.

I have found a similar discussion about a past version here: #3812 but that is against an older version of Dependency-Track so I hope this new thread is not inappropriate.
More information about the component versions:
Scanner: Mend, version 24.10.3
Dependency-Track versions from `docker-compose up` output:

And the scan reports these packages as vulnerable:
Could you please advise how best to upgrade and keep the packages up to date on the docker images?
Or, is it possible to deploy Dependency-Track outside of the containers? I realise this goes against Docker's "it just works" deployment but it might help us keep on top of the Linux packages. I have seen #2925 but it does not seem very encouraging.