github.com/ishita82/trivy-gitaction@v0.0.0-20240206054925-e937cc05f8e3/integration/testdata/amazon-1.json.golden (about) 1 { 2 "SchemaVersion": 2, 3 "CreatedAt": "2021-08-25T12:20:30.000000005Z", 4 "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz", 5 "ArtifactType": "container_image", 6 "Metadata": { 7 "OS": { 8 "Family": "amazon", 9 "Name": "AMI release 2018.03" 10 }, 11 "ImageID": "sha256:961c4ee06269351d858969ea0426878675ed708d3a140246eabbc0bfc352bffa", 12 "DiffIDs": [ 13 "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" 14 ], 15 "ImageConfig": { 16 "architecture": "amd64", 17 "container": "ef1b126795001e9b4bdc14a01180e4d8146282d279f53e05adfaa8195ecda20e", 18 "created": "2019-09-05T23:37:46.854286502Z", 19 "docker_version": "18.06.1-ce", 20 "history": [ 21 { 22 "created": "2019-09-05T23:37:46.575366692Z", 23 "created_by": "/bin/sh -c #(nop) ADD file:45ed06ba8960dec70e01e809fe38df2718d4b16aa2b0f88835522d8366de71e3 in / " 24 }, 25 { 26 "created": "2019-09-05T23:37:46.854286502Z", 27 "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", 28 "empty_layer": true 29 } 30 ], 31 "os": "linux", 32 "rootfs": { 33 "type": "layers", 34 "diff_ids": [ 35 "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" 36 ] 37 }, 38 "config": { 39 "Cmd": [ 40 "/bin/bash" 41 ], 42 "Env": [ 43 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 44 ], 45 "Image": "sha256:8db654f611aca1693ac658bd981ee35e4b6517e6ef74fa608c4b3b3595a986c8", 46 "ArgsEscaped": true 47 } 48 } 49 }, 50 "Results": [ 51 { 52 "Target": "testdata/fixtures/images/amazon-1.tar.gz (amazon AMI release 2018.03)", 53 "Class": "os-pkgs", 54 "Type": "amazon", 55 "Vulnerabilities": [ 56 { 57 "VulnerabilityID": "CVE-2019-5481", 58 "PkgID": "curl@7.61.1-11.91.amzn1.x86_64", 59 "PkgName": "curl", 60 "PkgIdentifier": { 61 "PURL": "pkg:rpm/amazon/curl@7.61.1-11.91.amzn1?arch=x86_64\u0026distro=amazon-AMI+release+2018.03" 62 }, 63 "InstalledVersion": "7.61.1-11.91.amzn1", 64 "FixedVersion": "7.61.1-12.93.amzn1", 65 "Status": "fixed", 66 "Layer": { 67 "Digest": "sha256:105ff6bf468b1422ad7c47ea9d63eae82f875c93310cb8d34551951e754ef43b", 68 "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" 69 }, 70 "SeveritySource": "amazon", 71 "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", 72 "DataSource": { 73 "ID": "amazon", 74 "Name": "Amazon Linux Security Center", 75 "URL": "https://alas.aws.amazon.com/" 76 }, 77 "Title": "curl: double free due to subsequent call of realloc()", 78 "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", 79 "Severity": "MEDIUM", 80 "CweIDs": [ 81 "CWE-415" 82 ], 83 "VendorSeverity": { 84 "amazon": 2, 85 "arch-linux": 2, 86 "nvd": 4, 87 "oracle-oval": 2, 88 "photon": 4, 89 "redhat": 2, 90 "ubuntu": 2 91 }, 92 "CVSS": { 93 "nvd": { 94 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 95 "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 96 "V2Score": 7.5, 97 "V3Score": 9.8 98 }, 99 "redhat": { 100 "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", 101 "V3Score": 5.7 102 } 103 }, 104 "References": [ 105 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", 106 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", 107 "https://access.redhat.com/security/cve/CVE-2019-5481", 108 "https://curl.haxx.se/docs/CVE-2019-5481.html", 109 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", 110 "https://linux.oracle.com/cve/CVE-2019-5481.html", 111 "https://linux.oracle.com/errata/ELSA-2020-1792.html", 112 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/", 113 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", 114 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", 115 "https://seclists.org/bugtraq/2020/Feb/36", 116 "https://security.gentoo.org/glsa/202003-29", 117 "https://security.netapp.com/advisory/ntap-20191004-0003/", 118 "https://ubuntu.com/security/notices/USN-4129-1", 119 "https://www.debian.org/security/2020/dsa-4633", 120 "https://www.oracle.com/security-alerts/cpuapr2020.html", 121 "https://www.oracle.com/security-alerts/cpujan2020.html", 122 "https://www.oracle.com/security-alerts/cpuoct2020.html" 123 ], 124 "PublishedDate": "2019-09-16T19:15:00Z", 125 "LastModifiedDate": "2020-10-20T22:15:00Z" 126 } 127 ] 128 } 129 ] 130 }