Document security vulnerabilities and their impact (or lack of) #8147
KevinDW-Fluxys
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Fluent-bit shows a lot of vulnerabilities (for example: 50 on v2.1.10 in the security report of the helm chart on artifacthub) on security reports by image scanning tools, but many of them are not relevant.
It would be nice to have a documentation page with an overview of the open CVEs and a short description of why these don't affect fluentbit (or why they do / could affect fluentbit)
I believe this could make life easier by allowing users to quickly mark CVEs as irrelevant in our security tools based on a validated source, instead of having to investigate them one by one.
Beta Was this translation helpful? Give feedback.
All reactions