chore(findings): sonarsource/sonarqube/sonarqube8-datacenter-app
Summary
sonarsource/sonarqube/sonarqube8-datacenter-app has 6 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| CVE-2021-22145 | anchore_cve | elasticsearch-7.12.1 |
| CVE-2021-21290 | twistlock_cve | io.netty_netty-codec-http-4.1.49.Final |
| CVE-2021-35515 | twistlock_cve | org.apache.commons_commons-compress-1.20 |
| CVE-2021-35516 | twistlock_cve | org.apache.commons_commons-compress-1.20 |
| CVE-2021-35517 | twistlock_cve | org.apache.commons_commons-compress-1.20 |
| CVE-2021-36090 | twistlock_cve | org.apache.commons_commons-compress-1.20 |
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/sonarsource/sonarqube/sonarqube8-datacenter-app/-/jobs/5217705
Definition of Done
Justifications:
- All findings have been justified
- Justifications have been provided to the container hardening team
Approval Process:
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information