chore(findings): sonarsource/sonarqube/sonarqube8-datacenter-app
Summary
sonarsource/sonarqube/sonarqube8-datacenter-app has 17 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| VULNDB-239195 | anchore_cve | commons-io-2.7 |
| CVE-2021-22137 | anchore_cve | elasticsearch-7.11.2 |
| CVE-2021-22137 | anchore_cve | elasticsearch-7.11.2 |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-10.0.1 |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-10.0.1 |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-26.0-jre |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-28.0-jre |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-28.2-jre |
| GHSA-5mg8-w23w-74h3 | anchore_cve | guava-28.2-jre |
| CVE-2021-2163 | anchore_cve | java-11-openjdk-headless-11.0.10.0.9-4.el8_3 |
| GHSA-vwqq-5vrc-xw9h | anchore_cve | log4j-core-2.11.1 |
| See csv output stage for complete list of new findings. |
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team -
Approval label has been applied
Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over.
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Note: If the above approval process is kicked back for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the Approval label.
Edited by Al Fontaine