Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release-1.26] - Support scanning k3s images with grype #8620

Closed
brandond opened this issue Oct 12, 2023 · 2 comments
Closed

[Release-1.26] - Support scanning k3s images with grype #8620

brandond opened this issue Oct 12, 2023 · 2 comments
Assignees
@brandond @fmoral2
Milestone
v1.26.14+k3s1

Comments

@brandond
Copy link
Member

Backport fix for Support scanning k3s images with grype
@brandond brandond self-assigned this Oct 12, 2023
@brandond brandond mentioned this issue Oct 12, 2023
Merged
@VestigeJ
Copy link

VestigeJ commented Jan 19, 2024
edited
Loading

$ k3s -v

k3s version v1.26.13-rc2+k3s1 (65495bb6)
go version go1.20.13

$ grype /usr/local/bin/k3s --add-cpes-if-none

 ✔ Vulnerability DB                [no update available]
 ✔ Indexed file system                                                                                                                                                                                                                                                                                                                   /usr/local/bin
 ✔ Cataloged contents                                                                                                                                                                                                                                                                  82a46d41c6dcef7ec01597681aa5575ea7572cafd02049c5bd5e17aa6b73cc49
   └── ✔ Packages                        [32 packages]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found

$ grype -vvv /usr/local/bin/k3s -o json

[0000]  INFO grype version: 0.74.1
[0000] DEBUG config:
  log:
      quiet: false
      level: trace
      file: ""
  dev:
      profile: none
  output:
      - json
  file: ""
  distro: ""
  add-cpes-if-none: false
  output-template-file: ""
  check-for-app-update: true
  only-fixed: false
  only-notfixed: false
  ignore-states: ""
  platform: ""
  search:
      scope: squashed
      unindexed-archives: false
      indexed-archives: true
  ignore: []
  exclude: []
  db:
      cache-dir: /home/ec2-user/.cache/grype/db
      update-url: https://toolbox-data.anchore.io/grype/databases/listing.json
      ca-cert: ""
      auto-update: true
      validate-by-hash-on-start: false
      validate-age: true
      max-allowed-built-age: 120h0m0s
  external-sources:
      enable: false
      maven:
          search-upstream: true
          base-url: https://search.maven.org/solrsearch/select
  match:
      java:
          using-cpes: false
      dotnet:
          using-cpes: false
      golang:
          using-cpes: false
          always-use-cpe-for-stdlib: true
      javascript:
          using-cpes: false
      python:
          using-cpes: false
      ruby:
          using-cpes: false
      rust:
          using-cpes: false
      stock:
          using-cpes: true
  fail-on-severity: ""
  registry:
      insecure-skip-tls-verify: false
      insecure-use-http: false
      auth: []
      ca-cert: ""
  show-suppressed: false
  by-cve: false
  name: ""
  default-image-pull-source: ""
  vex-documents: []
  vex-add: []
[0000] DEBUG gathering packages
[0000] DEBUG loading DB
[0000] DEBUG looking for updates on vulnerability database
[0000] DEBUG checking for available database updates
[0000] DEBUG no new grype update available
[0000] TRACE unable to open mod cache directory: /home/ec2-user/go/pkg/mod, skipping mod cache resolver
[0000] TRACE unable to open mod cache directory: /home/ec2-user/go/pkg/mod, skipping mod cache resolver
[0000] TRACE indexing filetree path=/usr/local/bin
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE starting package cataloger name=alpm-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/lib/pacman/local/**/desc
[0000] TRACE searching filetree by glob glob=**/var/lib/pacman/local/**/desc
[0000] DEBUG discovered 0 packages cataloger=alpm-db-cataloger
[0000] TRACE package cataloger completed name=alpm-db-cataloger
[0000] TRACE starting package cataloger name=apk-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/lib/apk/db/installed
[0000] TRACE searching filetree by glob glob=**/lib/apk/db/installed
[0000] DEBUG discovered 0 packages cataloger=apk-db-cataloger
[0000] TRACE package cataloger completed name=apk-db-cataloger
[0000] TRACE starting package cataloger name=dpkg-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/lib/dpkg/status
[0000] TRACE searching filetree by glob glob=**/var/lib/dpkg/status
[0000] TRACE searching for paths matching glob glob=**/var/lib/dpkg/status.d/*
[0000] TRACE searching filetree by glob glob=**/var/lib/dpkg/status.d/*
[0000] TRACE searching for paths matching glob glob=**/lib/opkg/info/*.control
[0000] TRACE searching filetree by glob glob=**/lib/opkg/info/*.control
[0000] TRACE searching for paths matching glob glob=**/lib/opkg/status
[0000] TRACE searching filetree by glob glob=**/lib/opkg/status
[0000] DEBUG discovered 0 packages cataloger=dpkg-db-cataloger
[0000] TRACE package cataloger completed name=dpkg-db-cataloger
[0000] TRACE starting package cataloger name=portage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/var/db/pkg/*/*/CONTENTS
[0000] TRACE searching filetree by glob glob=**/var/db/pkg/*/*/CONTENTS
[0000] DEBUG discovered 0 packages cataloger=portage-cataloger
[0000] TRACE package cataloger completed name=portage-cataloger
[0000] TRACE starting package cataloger name=rpm-db-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}
[0000] TRACE searching filetree by glob glob=**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}
[0000] TRACE searching for paths matching glob glob=**/var/lib/rpmmanifest/container-manifest-2
[0000] TRACE searching filetree by glob glob=**/var/lib/rpmmanifest/container-manifest-2
[0000] DEBUG discovered 0 packages cataloger=rpm-db-cataloger
[0000] TRACE package cataloger completed name=rpm-db-cataloger
[0000] TRACE starting package cataloger name=rpm-archive-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.rpm
[0000] TRACE searching filetree by glob glob=**/*.rpm
[0000] DEBUG discovered 0 packages cataloger=rpm-archive-cataloger
[0000] TRACE package cataloger completed name=rpm-archive-cataloger
[0000] TRACE starting package cataloger name=conan-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/conanfile.txt
[0000] TRACE searching filetree by glob glob=**/conanfile.txt
[0000] TRACE searching for paths matching glob glob=**/conan.lock
[0000] TRACE searching filetree by glob glob=**/conan.lock
[0000] DEBUG discovered 0 packages cataloger=conan-cataloger
[0000] TRACE package cataloger completed name=conan-cataloger
[0000] TRACE starting package cataloger name=dart-pubspec-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/pubspec.lock
[0000] TRACE searching filetree by glob glob=**/pubspec.lock
[0000] DEBUG discovered 0 packages cataloger=dart-pubspec-lock-cataloger
[0000] TRACE package cataloger completed name=dart-pubspec-lock-cataloger
[0000] TRACE starting package cataloger name=dotnet-deps-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.deps.json
[0000] TRACE searching filetree by glob glob=**/*.deps.json
[0000] DEBUG discovered 0 packages cataloger=dotnet-deps-cataloger
[0000] TRACE package cataloger completed name=dotnet-deps-cataloger
[0000] TRACE starting package cataloger name=elixir-mix-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/mix.lock
[0000] TRACE searching filetree by glob glob=**/mix.lock
[0000] DEBUG discovered 0 packages cataloger=elixir-mix-lock-cataloger
[0000] TRACE package cataloger completed name=elixir-mix-lock-cataloger
[0000] TRACE starting package cataloger name=erlang-rebar-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/rebar.lock
[0000] TRACE searching filetree by glob glob=**/rebar.lock
[0000] DEBUG discovered 0 packages cataloger=erlang-rebar-lock-cataloger
[0000] TRACE package cataloger completed name=erlang-rebar-lock-cataloger
[0000] TRACE starting package cataloger name=haskell-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/stack.yaml
[0000] TRACE searching filetree by glob glob=**/stack.yaml
[0000] TRACE searching for paths matching glob glob=**/stack.yaml.lock
[0000] TRACE searching filetree by glob glob=**/stack.yaml.lock
[0000] TRACE searching for paths matching glob glob=**/cabal.project.freeze
[0000] TRACE searching filetree by glob glob=**/cabal.project.freeze
[0000] DEBUG discovered 0 packages cataloger=haskell-cataloger
[0000] TRACE package cataloger completed name=haskell-cataloger
[0000] TRACE starting package cataloger name=go-module-file-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/go.mod
[0000] TRACE searching filetree by glob glob=**/go.mod
[0000] DEBUG discovered 0 packages cataloger=go-module-file-cataloger
[0000] TRACE package cataloger completed name=go-module-file-cataloger
[0000] TRACE starting package cataloger name=java-gradle-lockfile-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/gradle.lockfile*
[0000] TRACE searching filetree by glob glob=**/gradle.lockfile*
[0000] DEBUG discovered 0 packages cataloger=java-gradle-lockfile-cataloger
[0000] TRACE package cataloger completed name=java-gradle-lockfile-cataloger
[0000] TRACE starting package cataloger name=java-pom-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/pom.xml
[0000] TRACE searching filetree by glob glob=**/pom.xml
[0000] DEBUG discovered 0 packages cataloger=java-pom-cataloger
[0000] TRACE package cataloger completed name=java-pom-cataloger
[0000] TRACE starting package cataloger name=javascript-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/package-lock.json
[0000] TRACE searching filetree by glob glob=**/package-lock.json
[0000] TRACE searching for paths matching glob glob=**/yarn.lock
[0000] TRACE searching filetree by glob glob=**/yarn.lock
[0000] TRACE searching for paths matching glob glob=**/pnpm-lock.yaml
[0000] TRACE searching filetree by glob glob=**/pnpm-lock.yaml
[0000] DEBUG discovered 0 packages cataloger=javascript-lock-cataloger
[0000] TRACE package cataloger completed name=javascript-lock-cataloger
[0000] TRACE starting package cataloger name=php-composer-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/composer.lock
[0000] TRACE searching filetree by glob glob=**/composer.lock
[0000] DEBUG discovered 0 packages cataloger=php-composer-lock-cataloger
[0000] TRACE package cataloger completed name=php-composer-lock-cataloger
[0000] TRACE starting package cataloger name=python-package-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*requirements*.txt
[0000] TRACE searching filetree by glob glob=**/*requirements*.txt
[0000] TRACE searching for paths matching glob glob=**/poetry.lock
[0000] TRACE searching filetree by glob glob=**/poetry.lock
[0000] TRACE searching for paths matching glob glob=**/Pipfile.lock
[0000] TRACE searching filetree by glob glob=**/Pipfile.lock
[0000] TRACE searching for paths matching glob glob=**/setup.py
[0000] TRACE searching filetree by glob glob=**/setup.py
[0000] DEBUG discovered 0 packages cataloger=python-package-cataloger
[0000] TRACE package cataloger completed name=python-package-cataloger
[0000] TRACE starting package cataloger name=ruby-gemfile-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Gemfile.lock
[0000] TRACE searching filetree by glob glob=**/Gemfile.lock
[0000] DEBUG discovered 0 packages cataloger=ruby-gemfile-cataloger
[0000] TRACE package cataloger completed name=ruby-gemfile-cataloger
[0000] TRACE starting package cataloger name=ruby-gemspec-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.gemspec
[0000] TRACE searching filetree by glob glob=**/*.gemspec
[0000] DEBUG discovered 0 packages cataloger=ruby-gemspec-cataloger
[0000] TRACE package cataloger completed name=ruby-gemspec-cataloger
[0000] TRACE starting package cataloger name=rust-cargo-lock-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Cargo.lock
[0000] TRACE searching filetree by glob glob=**/Cargo.lock
[0000] DEBUG discovered 0 packages cataloger=rust-cargo-lock-cataloger
[0000] TRACE package cataloger completed name=rust-cargo-lock-cataloger
[0000] TRACE starting package cataloger name=cocoapods-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Podfile.lock
[0000] TRACE searching filetree by glob glob=**/Podfile.lock
[0000] DEBUG discovered 0 packages cataloger=cocoapods-cataloger
[0000] TRACE package cataloger completed name=cocoapods-cataloger
[0000] TRACE starting package cataloger name=swift-package-manager-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/Package.resolved
[0000] TRACE searching filetree by glob glob=**/Package.resolved
[0000] TRACE searching for paths matching glob glob=**/.package.resolved
[0000] TRACE searching filetree by glob glob=**/.package.resolved
[0000] DEBUG discovered 0 packages cataloger=swift-package-manager-cataloger
[0000] TRACE package cataloger completed name=swift-package-manager-cataloger
[0000] TRACE starting package cataloger name=dotnet-portable-executable-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.dll
[0000] TRACE searching filetree by glob glob=**/*.dll
[0000] TRACE searching for paths matching glob glob=**/*.exe
[0000] TRACE searching filetree by glob glob=**/*.exe
[0000] DEBUG discovered 0 packages cataloger=dotnet-portable-executable-cataloger
[0000] TRACE package cataloger completed name=dotnet-portable-executable-cataloger
[0000] TRACE starting package cataloger name=python-installed-package-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.egg-info
[0000] TRACE searching filetree by glob glob=**/*.egg-info
[0000] TRACE searching for paths matching glob glob=**/*dist-info/METADATA
[0000] TRACE searching filetree by glob glob=**/*dist-info/METADATA
[0000] TRACE searching for paths matching glob glob=**/*egg-info/PKG-INFO
[0000] TRACE searching filetree by glob glob=**/*egg-info/PKG-INFO
[0000] TRACE searching for paths matching glob glob=**/*DIST-INFO/METADATA
[0000] TRACE searching filetree by glob glob=**/*DIST-INFO/METADATA
[0000] TRACE searching for paths matching glob glob=**/*EGG-INFO/PKG-INFO
[0000] TRACE searching filetree by glob glob=**/*EGG-INFO/PKG-INFO
[0000] DEBUG discovered 0 packages cataloger=python-installed-package-cataloger
[0000] TRACE package cataloger completed name=python-installed-package-cataloger
[0000] TRACE starting package cataloger name=go-module-binary-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching mimetype mimetypes=[application/x-executable application/x-mach-binary application/x-elf application/x-sharedlib application/vnd.microsoft.portable-executable]
[0000] TRACE searching filetree by MIME types types=[application/x-executable application/x-mach-binary application/x-elf application/x-sharedlib application/vnd.microsoft.portable-executable]
[0000] TRACE parsing file contents path=/k3s
[0000] DEBUG found database update candidate: Listing(url=https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2024-01-19T01:27:49Z_f87f267de31b0a1fde9d.tar.gz)
[0000] DEBUG existing database is already up to date
[0000] DEBUG no database update available
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/containerd/stargz-snapshotter/estargz@v0.14.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/go-logr/logr@v1.4.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/gogo/protobuf@v1.3.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/google/go-containerregistry@v0.14.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/google/gofuzz@v1.2.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/json-iterator/go@v1.1.12/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/klauspost/compress@v1.17.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/modern-go/reflect2@v1.0.2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/opencontainers/go-digest@v1.0.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/opencontainers/image-spec@v1.1.0-rc5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/pierrec/lz4@v2.6.0+incompatible/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/pkg/errors@v0.9.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/rancher/wharfie@v0.5.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/rancher/wrangler@v1.1.1-0.20230807182002-35cb42e6a915/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/sirupsen/logrus@v1.9.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/spf13/pflag@v1.0.5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/urfave/cli@v1.22.14/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/vbatts/tar-split@v0.11.5/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/net@v0.17.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/sync@v0.6.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/sys@v0.13.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/golang.org/x/text@v0.14.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/gopkg.in/inf.v0@v0.9.1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/gopkg.in/yaml.v2@v2.4.0/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/kubernetes/staging/src/k8s.io/apimachinery@v1.26.13-k3s1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/klog/v2@v2.80.1-k3s1/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/k8s.io/utils@v0.0.0-20230406110748-d93618cff8a2/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/sigs.k8s.io/structured-merge-diff/v4@v4.2.3/*
[0000] TRACE searching filetree by glob glob=**/go/pkg/mod/github.com/k3s-io/k3s@(devel)/*
[0000] DEBUG discovered 32 packages cataloger=go-module-binary-cataloger
[0000] TRACE package cataloger completed name=go-module-binary-cataloger
[0000] TRACE starting package cataloger name=java-archive-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.jar
[0000] TRACE searching filetree by glob glob=**/*.jar
[0000] TRACE searching for paths matching glob glob=**/*.war
[0000] TRACE searching filetree by glob glob=**/*.war
[0000] TRACE searching for paths matching glob glob=**/*.ear
[0000] TRACE searching filetree by glob glob=**/*.ear
[0000] TRACE searching for paths matching glob glob=**/*.par
[0000] TRACE searching filetree by glob glob=**/*.par
[0000] TRACE searching for paths matching glob glob=**/*.sar
[0000] TRACE searching filetree by glob glob=**/*.sar
[0000] TRACE searching for paths matching glob glob=**/*.nar
[0000] TRACE searching filetree by glob glob=**/*.nar
[0000] TRACE searching for paths matching glob glob=**/*.jpi
[0000] TRACE searching filetree by glob glob=**/*.jpi
[0000] TRACE searching for paths matching glob glob=**/*.hpi
[0000] TRACE searching filetree by glob glob=**/*.hpi
[0000] TRACE searching for paths matching glob glob=**/*.lpkg
[0000] TRACE searching filetree by glob glob=**/*.lpkg
[0000] TRACE searching for paths matching glob glob=**/*.zip
[0000] TRACE searching filetree by glob glob=**/*.zip
[0000] DEBUG discovered 0 packages cataloger=java-archive-cataloger
[0000] TRACE package cataloger completed name=java-archive-cataloger
[0000] TRACE starting package cataloger name=graalvm-native-image-cataloger
[0000] TRACE searching filetree by MIME types types=[application/x-sharedlib application/vnd.microsoft.portable-executable application/x-executable application/x-mach-binary application/x-elf]
[0000] TRACE unable to extract SBOM from possible java native-image /k3s: no symbols found in binary: no symbol section
[0000] TRACE not a MachO binary error=invalid magic number in record at byte 0x0 filename=/k3s
[0000] TRACE not a PE binary error=unrecognized PE machine: 0x457f filename=/k3s
[0000] DEBUG discovered 0 packages cataloger=graalvm-native-image-cataloger
[0000] TRACE package cataloger completed name=graalvm-native-image-cataloger
[0000] TRACE starting package cataloger name=nix-store-cataloger
[0000] DEBUG discovered 0 packages cataloger=nix-store-cataloger
[0000] TRACE package cataloger completed name=nix-store-cataloger
[0000] TRACE starting package cataloger name=binary-cataloger
[0000] TRACE cataloging binaries classifier=python-binary
[0000] TRACE searching filetree by glob glob=**/python*
[0000] TRACE cataloging binaries classifier=python-binary-lib
[0000] TRACE searching filetree by glob glob=**/libpython*.so*
[0000] TRACE cataloging binaries classifier=pypy-binary-lib
[0000] TRACE searching filetree by glob glob=**/libpypy*.so*
[0000] TRACE cataloging binaries classifier=go-binary
[0000] TRACE searching filetree by glob glob=**/go
[0000] TRACE cataloging binaries classifier=julia-binary
[0000] TRACE searching filetree by glob glob=**/libjulia-internal.so
[0000] TRACE cataloging binaries classifier=helm
[0000] TRACE searching filetree by glob glob=**/helm
[0000] TRACE cataloging binaries classifier=redis-binary
[0000] TRACE searching filetree by glob glob=**/redis-server
[0000] TRACE cataloging binaries classifier=java-binary-openjdk
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=java-binary-ibm
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=java-binary-oracle
[0000] TRACE searching filetree by glob glob=**/java
[0000] TRACE cataloging binaries classifier=nodejs-binary
[0000] TRACE searching filetree by glob glob=**/node
[0000] TRACE cataloging binaries classifier=go-binary-hint
[0000] TRACE searching filetree by glob glob=**/VERSION
[0000] TRACE cataloging binaries classifier=busybox-binary
[0000] TRACE searching filetree by glob glob=**/busybox
[0000] TRACE cataloging binaries classifier=haproxy-binary
[0000] TRACE searching filetree by glob glob=**/haproxy
[0000] TRACE cataloging binaries classifier=perl-binary
[0000] TRACE searching filetree by glob glob=**/perl
[0000] TRACE cataloging binaries classifier=php-cli-binary
[0000] TRACE searching filetree by glob glob=**/php*
[0000] TRACE cataloging binaries classifier=php-fpm-binary
[0000] TRACE searching filetree by glob glob=**/php-fpm*
[0000] TRACE cataloging binaries classifier=php-apache-binary
[0000] TRACE searching filetree by glob glob=**/libphp*.so
[0000] TRACE cataloging binaries classifier=php-composer-binary
[0000] TRACE searching filetree by glob glob=**/composer*
[0000] TRACE cataloging binaries classifier=httpd-binary
[0000] TRACE searching filetree by glob glob=**/httpd
[0000] TRACE cataloging binaries classifier=memcached-binary
[0000] TRACE searching filetree by glob glob=**/memcached
[0000] TRACE cataloging binaries classifier=traefik-binary
[0000] TRACE searching filetree by glob glob=**/traefik
[0000] TRACE cataloging binaries classifier=postgresql-binary
[0000] TRACE searching filetree by glob glob=**/postgres
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=mysql-binary
[0000] TRACE searching filetree by glob glob=**/mysql
[0000] TRACE cataloging binaries classifier=xtrabackup-binary
[0000] TRACE searching filetree by glob glob=**/xtrabackup
[0000] TRACE cataloging binaries classifier=mariadb-binary
[0000] TRACE searching filetree by glob glob=**/mariadb
[0000] TRACE cataloging binaries classifier=rust-standard-library-linux
[0000] TRACE searching filetree by glob glob=**/libstd-????????????????.so
[0000] TRACE cataloging binaries classifier=rust-standard-library-macos
[0000] TRACE searching filetree by glob glob=**/libstd-????????????????.dylib
[0000] TRACE cataloging binaries classifier=ruby-binary
[0000] TRACE searching filetree by glob glob=**/ruby
[0000] TRACE cataloging binaries classifier=erlang-binary
[0000] TRACE searching filetree by glob glob=**/erlexec
[0000] TRACE cataloging binaries classifier=consul-binary
[0000] TRACE searching filetree by glob glob=**/consul
[0000] TRACE cataloging binaries classifier=nginx-binary
[0000] TRACE searching filetree by glob glob=**/nginx
[0000] TRACE cataloging binaries classifier=bash-binary
[0000] TRACE searching filetree by glob glob=**/bash
[0000] TRACE cataloging binaries classifier=openssl-binary
[0000] TRACE searching filetree by glob glob=**/openssl
[0000] TRACE cataloging binaries classifier=gcc-binary
[0000] TRACE searching filetree by glob glob=**/gcc
[0000] TRACE cataloging binaries classifier=wordpress-cli-binary
[0000] TRACE searching filetree by glob glob=**/wp
[0000] DEBUG discovered 0 packages cataloger=binary-cataloger
[0000] TRACE package cataloger completed name=binary-cataloger
[0000] TRACE starting package cataloger name=github-actions-usage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yml
[0000] TRACE searching for paths matching glob glob=**/.github/actions/*/action.yml
[0000] TRACE searching filetree by glob glob=**/.github/actions/*/action.yml
[0000] TRACE searching for paths matching glob glob=**/.github/actions/*/action.yaml
[0000] TRACE searching filetree by glob glob=**/.github/actions/*/action.yaml
[0000] DEBUG discovered 0 packages cataloger=github-actions-usage-cataloger
[0000] TRACE package cataloger completed name=github-actions-usage-cataloger
[0000] TRACE starting package cataloger name=github-action-workflow-usage-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yaml
[0000] TRACE searching for paths matching glob glob=**/.github/workflows/*.yml
[0000] TRACE searching filetree by glob glob=**/.github/workflows/*.yml
[0000] DEBUG discovered 0 packages cataloger=github-action-workflow-usage-cataloger
[0000] TRACE package cataloger completed name=github-action-workflow-usage-cataloger
[0000] TRACE starting package cataloger name=sbom-cataloger
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/usr/lib/os-release
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/system-release-cpe
[0000] TRACE searching filetree by path path=/usr/local/bin/etc/redhat-release
[0000] TRACE searching filetree by path path=/usr/local/bin/bin/busybox
[0000] TRACE searching for paths matching glob glob=**/*.syft.json
[0000] TRACE searching filetree by glob glob=**/*.syft.json
[0000] TRACE searching for paths matching glob glob=**/*.bom.*
[0000] TRACE searching filetree by glob glob=**/*.bom.*
[0000] TRACE searching for paths matching glob glob=**/*.bom
[0000] TRACE searching filetree by glob glob=**/*.bom
[0000] TRACE searching for paths matching glob glob=**/bom
[0000] TRACE searching filetree by glob glob=**/bom
[0000] TRACE searching for paths matching glob glob=**/*.sbom.*
[0000] TRACE searching filetree by glob glob=**/*.sbom.*
[0000] TRACE searching for paths matching glob glob=**/*.sbom
[0000] TRACE searching filetree by glob glob=**/*.sbom
[0000] TRACE searching for paths matching glob glob=**/sbom
[0000] TRACE searching filetree by glob glob=**/sbom
[0000] TRACE searching for paths matching glob glob=**/*.cdx.*
[0000] TRACE searching filetree by glob glob=**/*.cdx.*
[0000] TRACE searching for paths matching glob glob=**/*.cdx
[0000] TRACE searching filetree by glob glob=**/*.cdx
[0000] TRACE searching for paths matching glob glob=**/*.spdx.*
[0000] TRACE searching filetree by glob glob=**/*.spdx.*
[0000] TRACE searching for paths matching glob glob=**/*.spdx
[0000] TRACE searching filetree by glob glob=**/*.spdx
[0000] DEBUG discovered 0 packages cataloger=sbom-cataloger
[0000] TRACE package cataloger completed name=sbom-cataloger
[0000] DEBUG no CPEs for package: Pkg(name="gopkg.in/inf.v0" version="v0.9.1" type="go-module" id="c18955394e2e88b3")
[0000] DEBUG no CPEs for package: Pkg(name="gopkg.in/yaml.v2" version="v2.4.0" type="go-module" id="41aa3fc6e13b5446")
[0000] DEBUG no CPEs for package: Pkg(name="k8s.io/utils" version="v0.0.0-20230406110748-d93618cff8a2" type="go-module" id="2e1ddc648eaebf40")
[0000] DEBUG no CPEs for package: Pkg(name="sigs.k8s.io/json" version="v0.0.0-20221116044647-bc3834ca7abd" type="go-module" id="95a7f56d3f28299f")
[0000]  WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none
[0000] TRACE finding matches against DB
[0000] DEBUG adding matcher: deb
[0000] DEBUG adding matcher: gem
[0000] DEBUG adding matcher: python
[0000] DEBUG adding matcher: dotnet
[0000] DEBUG adding matcher: rpm
[0000] DEBUG adding matcher: java-archive
[0000] DEBUG adding matcher: jenkins-plugin
[0000] DEBUG adding matcher: npm
[0000] DEBUG adding matcher: apk
[0000] DEBUG adding matcher: go-module
[0000] DEBUG adding matcher: msrc-kb
[0000] DEBUG adding matcher: portage
[0000] DEBUG adding matcher: rust-crate
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/containerd/stargz-snapshotter/estargz@v0.14.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/go-logr/logr@v1.4.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/gogo/protobuf@v1.3.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/google/go-containerregistry@v0.14.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/google/gofuzz@v1.2.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/json-iterator/go@v1.1.12
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/k3s@v1.26.13-rc2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/klog/v2@v2.80.1-k3s1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/k3s-io/kubernetes/staging/src/k8s.io/apimachinery@v1.26.13-k3s1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/klauspost/compress@v1.17.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/modern-go/reflect2@v1.0.2
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/opencontainers/go-digest@v1.0.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/opencontainers/image-spec@v1.1.0-rc5
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/pierrec/lz4@v2.6.0+incompatible
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/pkg/errors@v0.9.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/rancher/wharfie@v0.5.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/rancher/wrangler@v1.1.1-0.20230807182002-35cb42e6a915
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/sirupsen/logrus@v1.9.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/spf13/pflag@v1.0.5
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/urfave/cli@v1.22.14
[0000] TRACE searching for vulnerability matches package=pkg:golang/github.com/vbatts/tar-split@v0.11.5
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/net@v0.17.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/sync@v0.6.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/sys@v0.13.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/golang.org/x/text@v0.14.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/gopkg.in/inf.v0@v0.9.1
[0000] TRACE searching for vulnerability matches package=pkg:golang/gopkg.in/yaml.v2@v2.4.0
[0000] TRACE searching for vulnerability matches package=pkg:golang/k8s.io/utils@v0.0.0-20230406110748-d93618cff8a2
[0000] TRACE searching for vulnerability matches package=pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd
[0000] TRACE searching for vulnerability matches package=pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.2.3
[0000] TRACE searching for vulnerability matches package=pkg:golang/stdlib@1.20.13
[0000] TRACE finding matches against available VEX documents
[0000]  INFO found 0 vulnerability matches across 32 packages
[0000] DEBUG   ├── fixed: 0
[0000] DEBUG   ├── ignored: 0 (due to user-provided rule)
[0000] DEBUG   ├── dropped: 0 (due to hard-coded correction)
[0000] DEBUG   └── matched: 0
[0000] DEBUG       ├── unknown severity: 0
[0000] DEBUG       ├── negligible: 0
[0000] DEBUG       ├── low: 0
[0000] DEBUG       ├── medium: 0
[0000] DEBUG       ├── high: 0
[0000] DEBUG       └── critical: 0
[0000] TRACE worker stopped component=eventloop
[0000] TRACE signal exit component=eventloop
{
 "matches": [],
 "source": {
  "type": "file",
  "target": "/usr/local/bin/k3s"
 },
 "distro": {
  "name": "",
  "version": "",
  "idLike": null
 },
 "descriptor": {
  "name": "grype",
  "version": "0.74.1",
  "configuration": {
   "output": [
    "json"
   ],
   "file": "",
   "distro": "",
   "add-cpes-if-none": false,
   "output-template-file": "",
   "check-for-app-update": true,
   "only-fixed": false,
   "only-notfixed": false,
   "ignore-wontfix": "",
   "platform": "",
   "search": {
    "scope": "squashed",
    "unindexed-archives": false,
    "indexed-archives": true
   },
   "ignore": null,
   "exclude": [],
   "db": {
    "cache-dir": "/home/ec2-user/.cache/grype/db",
    "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json",
    "ca-cert": "",
    "auto-update": true,
    "validate-by-hash-on-start": false,
    "validate-age": true,
    "max-allowed-built-age": 432000000000000
   },
   "externalSources": {
    "enable": false,
    "maven": {
     "searchUpstreamBySha1": true,
     "baseUrl": "https://search.maven.org/solrsearch/select"
    }
   },
   "match": {
    "java": {
     "using-cpes": false
    },
    "dotnet": {
     "using-cpes": false
    },
    "golang": {
     "using-cpes": false,
     "always-use-cpe-for-stdlib": true
    },
    "javascript": {
     "using-cpes": false
    },
    "python": {
     "using-cpes": false
    },
    "ruby": {
     "using-cpes": false
    },
    "rust": {
     "using-cpes": false
    },
    "stock": {
     "using-cpes": true
    }
   },
   "fail-on-severity": "",
   "registry": {
    "insecure-skip-tls-verify": false,
    "insecure-use-http": false,
    "auth": null,
    "ca-cert": ""
   },
   "show-suppressed": false,
   "by-cve": false,
   "name": "",
   "default-image-pull-source": "",
   "vex-documents": [],
   "vex-add": []
  },
  "db": {
   "built": "2024-01-19T01:27:49Z",
   "schemaVersion": 5,
   "location": "/home/ec2-user/.cache/grype/db/5",
   "checksum": "sha256:0dabe98d1b63ae614672cf44a055b9480e900c459f66d5e688ef4c2e31626cd0",
   "error": null
  },
  "timestamp": "2024-01-19T19:36:51.856105515Z"
 }
}

@VestigeJ VestigeJ modified the milestones: v1.26.13+k3s1, v1.26.14+k3s1 Jan 19, 2024
@caroline-suse-rancher
Copy link
Contributor

Since it's unlikely we will release 1.26 in March patches, I will close this issue now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brandond brandond

@fmoral2 fmoral2

Labels
None yet
Projects
K3s Development
Archived in project
Milestone
v1.26.14+k3s1
Development

No branches or pull requests
7 participants
@brandond @VestigeJ @rancher-max @ShylajaDevadiga @caroline-suse-rancher @fmoral2 @aganesh-suse