microsoft/Oryx

Go build dependency update?

hbalaci opened this issue · 0 comments

I am considering the following image for a deployment in App Services: mcr.microsoft.com/appsvc/python:3.10_20240130.7.tuxprod

When scanned by the Azure registry container image scanner (powered by Qualys) (this is a Microsoft-provided image scanner under the Microsoft Cloud Defender service), there are two CVEs reported for opt/startupcmdgen/startupcmdgen:
CVE-2022-32149
CVE-2022-29526
Here are the details about the CVEs:
GHSA-p782-xgp4-8hr8
GHSA-69ch-w2m2-3vjp

Can these CVEs be patched by updating go modules/versions and its dependencies?

It's also possible that there are no issues and the CVEs are false positives due to a faulty container image scanner.

What is the best way to handle these CVEs?

Thank you,
H
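One way to triage the two findings from the binary's embedded build info, as an added example that is not part of this issue or of the Oryx code base: it parses the text printed by `go version -m /opt/startupcmdgen/startupcmdgen` (a constructed sample is embedded; its module path and versions are placeholders) and compares the toolchain and golang.org/x/text versions against the fixed versions I take from the two linked advisories (go1.17.10/go1.18.2 and v0.3.8, stated here as assumptions).

```python
import re

# Constructed sample of `go version -m /opt/startupcmdgen/startupcmdgen` output;
# the Go version, module path, dependency versions and hashes are made up for this example.
SAMPLE_BUILD_INFO = """\
/opt/startupcmdgen/startupcmdgen: go1.17.5
\tpath\texample.com/startupcmdgen
\tmod\texample.com/startupcmdgen\t(devel)
\tdep\tgolang.org/x/text\tv0.3.7\th1:constructed-hash-not-real=
\tdep\tgithub.com/spf13/cobra\tv1.3.0\th1:constructed-hash-not-real=
"""

# Minimum versions that carry the fixes, as given in the two linked advisories
# (assumed here; confirm against the advisory text before acting on the result).
FIXED_X_TEXT = "v0.3.8"                                  # CVE-2022-32149 / GHSA-69ch-w2m2-3vjp
FIXED_GO = {(1, 17): "go1.17.10", (1, 18): "go1.18.2"}  # CVE-2022-29526 / GHSA-p782-xgp4-8hr8

def parse_version(v: str) -> tuple:
    """'go1.17.5' or 'v0.3.7' -> (1, 17, 5); pseudo-version suffixes are dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", v.split("-")[0].split("+")[0]))

def parse_build_info(text: str) -> dict:
    """Parse `go version -m` output into the toolchain version and the dep list."""
    lines = text.strip().splitlines()
    go_version = lines[0].rsplit(":", 1)[1].split()[0]  # "<path>: go1.17.5" -> go1.17.5
    deps = {}
    for line in lines[1:]:
        fields = line.strip().split("\t")
        if fields[0] == "dep" and len(fields) >= 3:     # path/mod/"=>" lines are skipped
            deps[fields[1]] = fields[2]
    return {"go": go_version, "deps": deps}

def go_toolchain_affected(go_version: str) -> bool:
    """CVE-2022-29526 was fixed on the 1.17 and 1.18 branches; 1.19+ include the fix."""
    v = parse_version(go_version)
    if v[:2] in FIXED_GO:
        return v < parse_version(FIXED_GO[v[:2]])
    return v < (1, 17)  # unsupported older branches never received the fix

def findings(build_info: dict) -> list:
    """Return (CVE, reason) pairs for the two reported CVEs; empty means both are fixed."""
    out = []
    if go_toolchain_affected(build_info["go"]):
        out.append(("CVE-2022-29526", f"built with {build_info['go']}, fix needs go1.17.10 or go1.18.2"))
    x_text = build_info["deps"].get("golang.org/x/text")
    if x_text and parse_version(x_text) < parse_version(FIXED_X_TEXT):
        out.append(("CVE-2022-32149", f"golang.org/x/text {x_text}, fix needs {FIXED_X_TEXT}"))
    return out
```

A version match is only a signal, not proof of reachability: `govulncheck -mode=binary /opt/startupcmdgen/startupcmdgen` checks whether the vulnerable functions are actually in the binary's call graph, which is what decides whether a scanner finding is a false positive.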