You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The two vulnerabilities seem to be resource exhaustion attacks (not arbitrary code execution), and this component communicates with the Kubernetes API and the k8s-watcher rather than public endpoints. Still, it would be prudent to upgrade the go dependencies.
Steps to Reproduce
Run Trivy test (e.g., runs automatically upon merge)
What happened?
Description
Trivy is reporting potentially vulnerable packages in
collector/k8s
.The two vulnerabilities seem to be resource exhaustion attacks (not arbitrary code execution), and this component communicates with the Kubernetes API and the k8s-watcher rather than public endpoints. Still, it would be prudent to upgrade the go dependencies.
Steps to Reproduce
Run Trivy test (e.g., runs automatically upon merge)
Expected Result
No alerts
Actual Result
https://github.com/open-telemetry/opentelemetry-network/actions/runs/7010845578/job/19072233435#step:4:31
eBPF Collector version
f1aceba
Environment information
Environment
GitHub / Trivy scan
eBPF Collector configuration
No response
Log output
Additional context
No response
The text was updated successfully, but these errors were encountered: