## Summary sonarsource/sonarqube/sonarqube9-community has 8 new findings discovered during continuous monitoring. id | source | package --- | --- | --- CVE-2021-35515 | anchore_cve | commons-compress-1.20 CVE-2021-35517 | anchore_cve | commons-compress-1.20 CVE-2021-36090 | anchore_cve | commons-compress-1.20 CVE-2021-21290 | twistlock_cve | io.netty_netty-codec-http-4.1.49.Final CVE-2021-35515 | twistlock_cve | org.apache.commons_commons-compress-1.20 CVE-2021-35516 | twistlock_cve | org.apache.commons_commons-compress-1.20 CVE-2021-35517 | twistlock_cve | org.apache.commons_commons-compress-1.20 CVE-2021-36090 | twistlock_cve | org.apache.commons_commons-compress-1.20 More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/sonarsource/sonarqube/sonarqube9-community/-/jobs/5214864 ## Definition of Done Justifications: - [x] All findings have been justified - [x] Justifications have been provided to the container hardening team Approval Process: - [x] Findings Approver has reviewed and approved all justifications - [x] Approval request has been sent to Authorizing Official - [ ] Approval request has been processed by Authorizing Official