-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go Cryptography vulnerabilities detected by Docker Scan #512
Comments
This issue seems to be down to the binary - that's currently being distributed - as using Go 1.15.15 which has some known issues:
As you mention, recompiling with a newer version of the Go toolchain will resolve this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reopening #496
Hi guys. Not sure if the binaries are actually being updated with the latest builds. This CVE is still showing for me.
Steps to reproduce it:
It comes back with the
crypto
CVEs that were supposably patched:However, when I built the binary from my machine and copied it over to the Docker image it reported no CVEs. So I wonder if the binaries are being updated on CodeClimate's website.
The text was updated successfully, but these errors were encountered: