chore(findings): opensource/gradle/gradle-jre8
Summary
opensource/gradle/gradle-jre8 has 8 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| CVE-2020-11979 | anchore_cve | ant-1.10.8 |
| CVE-2021-29425 | anchore_cve | commons-io-2.6 |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-27.1-android |
| CVE-2020-9546 | anchore_cve | jackson-databind-2.10.2 |
| CVE-2020-9547 | anchore_cve | jackson-databind-2.10.2 |
| CVE-2020-9548 | anchore_cve | jackson-databind-2.10.2 |
| GHSA-288c-cq4h-88gq | anchore_cve | jackson-databind-2.10.2 |
| CVE-2020-29582 | twistlock_cve | kotlin-stdlib_kotlin-stdlib-1.3.72 |
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team -
Approval label has been applied
Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over.
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Note: If the above approval process is kicked back for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the Approval label.
Edited by Michael Simmons