fix: match OpenSSL letter releases #2682

harmw · 2024-02-29T12:08:24Z

This should resolve #2681

Original results using syft:v0.105.1:

 ✔ Loaded image                                                                          openresty/openresty:1.25.3.1-2-alpine
 ✔ Parsed image                                        sha256:b1cb45b1556801b8cb1bc29ea78faf2eaf67926a37b052dd070866e44d7df07a
 ✔ Cataloged contents                                         db4ad5d00580ca709b0423af26df39b23d48a1b792fea8ede029a1e412776470
   ├── ✔ Packages                        [52 packages]
   ├── ✔ File digests                    [403 files]
   ├── ✔ File metadata                   [403 locations]
   └── ✔ Executables                     [125 executables]

Scan:

 ✔ Vulnerability DB                [no update available]
 ✔ Scanned for vulnerabilities     [54 vulnerability matches]
   ├── by severity: 3 critical, 13 high, 36 medium, 2 low, 0 negligible
   └── by status:   4 fixed, 50 not-fixed, 0 ignored

Create SBOM using syft from this branch:

export DOCKER_HOST="unix://${HOME}/.colima/default/docker.sock"

./dist/darwin-build_darwin_arm64/syft packages docker:openresty/openresty:1.25.3.1-2-alpine -o spdx-json --file 2681.spdx.json
Command "packages" is deprecated, use `syft scan` instead
Flag --file has been deprecated, use: output
 ✔ Loaded image                                                                          openresty/openresty:1.25.3.1-2-alpine
 ✔ Parsed image                                        sha256:b1cb45b1556801b8cb1bc29ea78faf2eaf67926a37b052dd070866e44d7df07a
 ✔ Cataloged contents                                         db4ad5d00580ca709b0423af26df39b23d48a1b792fea8ede029a1e412776470
   ├── ✔ Packages                        [52 packages]
   ├── ✔ File digests                    [403 files]
   ├── ✔ File metadata                   [403 locations]
   └── ✔ Executables                     [125 executables]

Scan again:

 % docker run --rm -it -v ${PWD}:/work -v ~/.grype/cache:/.cache/grype anchore/grype:v0.74.4 sbom:/work/2681.spdx.json -o sarif --file /work/scan.sarif
 ✔ Vulnerability DB                [no update available]
 ✔ Scanned for vulnerabilities     [24 vulnerability matches]
   ├── by severity: 0 critical, 4 high, 20 medium, 0 low, 0 negligible
   └── by status:   4 fixed, 20 not-fixed, 0 ignored

Signed-off-by: Harm Weites <harm@weites.com>

harmw changed the title ~~chore: match OpenSSL letter releases~~ fix: match OpenSSL letter releases Feb 29, 2024

harmw added 2 commits February 29, 2024 13:10

chore: match openssl 1.1 letter releases

ac5e799

Signed-off-by: Harm Weites <harm@weites.com>

chore: include image sha

43f8b72

Signed-off-by: Harm Weites <harm@weites.com>

harmw force-pushed the openssl111 branch from d51870c to 43f8b72 Compare February 29, 2024 12:10

wagoodman approved these changes Feb 29, 2024

View reviewed changes

wagoodman enabled auto-merge (squash) February 29, 2024 14:34

wagoodman merged commit 356f7c9 into anchore:main Feb 29, 2024
11 checks passed

harmw deleted the openssl111 branch February 29, 2024 14:45

BrewTestBot mentioned this pull request Feb 29, 2024

syft 1.0.0 Homebrew/homebrew-core#164617

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: match OpenSSL letter releases #2682

fix: match OpenSSL letter releases #2682

harmw commented Feb 29, 2024 •

edited

fix: match OpenSSL letter releases #2682

fix: match OpenSSL letter releases #2682

Conversation

harmw commented Feb 29, 2024 • edited

harmw commented Feb 29, 2024 •

edited