@@ -448,8 +448,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
448448
449449
450450Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
451- Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem.
452- 33 vulnerabilities can be fixed.
451+ Total 26 packages affected by 83 known vulnerabilities (10 Critical, 22 High, 36 Medium, 5 Low, 10 Unknown) from 1 ecosystem.
452+ 36 vulnerabilities can be fixed.
453453
454454
455455Ubuntu:22.04
@@ -479,7 +479,7 @@ Ubuntu:22.04
479479| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu |
480480| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
481481| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu |
482- | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu |
482+ | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu |
483483| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu |
484484| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu |
485485| xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu |
@@ -501,8 +501,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
501501
502502
503503Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
504- Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem.
505- 33 vulnerabilities can be fixed.
504+ Total 26 packages affected by 83 known vulnerabilities (10 Critical, 22 High, 36 Medium, 5 Low, 10 Unknown) from 1 ecosystem.
505+ 36 vulnerabilities can be fixed.
506506
507507
508508Ubuntu:22.04
@@ -532,7 +532,7 @@ Ubuntu:22.04
532532| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu |
533533| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
534534| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu |
535- | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu |
535+ | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu |
536536| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu |
537537| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu |
538538| xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu |
@@ -573,8 +573,8 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar"
573573
574574
575575Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
576- Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem.
577- 33 vulnerabilities can be fixed.
576+ Total 26 packages affected by 83 known vulnerabilities (10 Critical, 22 High, 36 Medium, 5 Low, 10 Unknown) from 1 ecosystem.
577+ 36 vulnerabilities can be fixed.
578578
579579
580580Ubuntu:22.04
@@ -604,7 +604,7 @@ Ubuntu:22.04
604604| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu |
605605| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
606606| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu |
607- | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu |
607+ | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu |
608608| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu |
609609| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu |
610610| xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu |
@@ -626,7 +626,7 @@ Scanning local image tarball "./testdata/test-java-full.tar"
626626
627627
628628Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image):
629- Total 35 packages affected by 136 known vulnerabilities (6 Critical, 66 High, 56 Medium, 7 Low, 1 Unknown) from 2 ecosystems.
629+ Total 35 packages affected by 136 known vulnerabilities (5 Critical, 67 High, 56 Medium, 7 Low, 1 Unknown) from 2 ecosystems.
630630136 vulnerabilities can be fixed.
631631
632632
@@ -1061,52 +1061,52 @@ Scanning local image tarball "./testdata/test-chisel.tar"
10611061
10621062
10631063Container Scanning Result (Ubuntu 26.04 LTS):
1064- Total 7 packages affected by 121 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 120 Unknown) from 2 ecosystems.
1065- 120 vulnerabilities can be fixed.
1064+ Total 7 packages affected by 139 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 138 Unknown) from 2 ecosystems.
1065+ 138 vulnerabilities can be fixed.
10661066
10671067
10681068Go
10691069+---------------------------------------------------------------------------------------------+
1070- | Source:artifact:/usr/lib/go-1.25 /bin/go |
1070+ | Source:artifact:/usr/lib/go-1.26 /bin/go |
10711071+---------+-------------------+---------------+------------+------------------+---------------+
10721072| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
10731073+---------+-------------------+---------------+------------+------------------+---------------+
1074- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1074+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
10751075+---------+-------------------+---------------+------------+------------------+---------------+
10761076+---------------------------------------------------------------------------------------------+
1077- | Source:artifact:/usr/lib/go-1.25 /bin/gofmt |
1077+ | Source:artifact:/usr/lib/go-1.26 /bin/gofmt |
10781078+---------+-------------------+---------------+------------+------------------+---------------+
10791079| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
10801080+---------+-------------------+---------------+------------+------------------+---------------+
1081- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1081+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
10821082+---------+-------------------+---------------+------------+------------------+---------------+
10831083+---------------------------------------------------------------------------------------------+
1084- | Source:artifact:/usr/lib/go-1.25 /pkg/tool/linux_amd64/asm |
1084+ | Source:artifact:/usr/lib/go-1.26 /pkg/tool/linux_amd64/asm |
10851085+---------+-------------------+---------------+------------+------------------+---------------+
10861086| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
10871087+---------+-------------------+---------------+------------+------------------+---------------+
1088- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1088+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
10891089+---------+-------------------+---------------+------------+------------------+---------------+
10901090+---------------------------------------------------------------------------------------------+
1091- | Source:artifact:/usr/lib/go-1.25 /pkg/tool/linux_amd64/compile |
1091+ | Source:artifact:/usr/lib/go-1.26 /pkg/tool/linux_amd64/compile |
10921092+---------+-------------------+---------------+------------+------------------+---------------+
10931093| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
10941094+---------+-------------------+---------------+------------+------------------+---------------+
1095- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1095+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
10961096+---------+-------------------+---------------+------------+------------------+---------------+
10971097+---------------------------------------------------------------------------------------------+
1098- | Source:artifact:/usr/lib/go-1.25 /pkg/tool/linux_amd64/link |
1098+ | Source:artifact:/usr/lib/go-1.26 /pkg/tool/linux_amd64/link |
10991099+---------+-------------------+---------------+------------+------------------+---------------+
11001100| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
11011101+---------+-------------------+---------------+------------+------------------+---------------+
1102- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1102+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
11031103+---------+-------------------+---------------+------------+------------------+---------------+
11041104+---------------------------------------------------------------------------------------------+
1105- | Source:artifact:/usr/lib/go-1.25 /pkg/tool/linux_amd64/vet |
1105+ | Source:artifact:/usr/lib/go-1.26 /pkg/tool/linux_amd64/vet |
11061106+---------+-------------------+---------------+------------+------------------+---------------+
11071107| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
11081108+---------+-------------------+---------------+------------+------------------+---------------+
1109- | stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- |
1109+ | stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- |
11101110+---------+-------------------+---------------+------------+------------------+---------------+
11111111Ubuntu:26.04
11121112+-------------------------------------------------------------------------------------------------------------------------------------------+
@@ -3041,26 +3041,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
30413041 " results" : [
30423042 {
30433043 " source" : {
3044- " path" : " /usr/lib/go-1.25 /bin/go" ,
3044+ " path" : " /usr/lib/go-1.26 /bin/go" ,
30453045 " type" : " artifact"
30463046 },
30473047 " packages" : [
30483048 {
30493049 " package" : {
30503050 " name" : " stdlib" ,
3051- " version" : " 1.25.7 " ,
3051+ " version" : " 1.26.0 " ,
30523052 " ecosystem" : " Go" ,
30533053 " image_origin_details" : {
30543054 " index" : 0
30553055 }
30563056 },
3057- " groups" : 20 ,
3057+ " groups" : 23 ,
30583058 " vulnerabilities" : [
3059+ " GO-2026-4599" ,
3060+ " GO-2026-4600" ,
30593061 " GO-2026-4601" ,
30603062 " GO-2026-4602" ,
30613063 " GO-2026-4603" ,
30623064 " GO-2026-4864" ,
30633065 " GO-2026-4865" ,
3066+ " GO-2026-4866" ,
30643067 " GO-2026-4869" ,
30653068 " GO-2026-4870" ,
30663069 " GO-2026-4918" ,
@@ -3082,26 +3085,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
30823085 },
30833086 {
30843087 " source" : {
3085- " path" : " /usr/lib/go-1.25 /bin/gofmt" ,
3088+ " path" : " /usr/lib/go-1.26 /bin/gofmt" ,
30863089 " type" : " artifact"
30873090 },
30883091 " packages" : [
30893092 {
30903093 " package" : {
30913094 " name" : " stdlib" ,
3092- " version" : " 1.25.7 " ,
3095+ " version" : " 1.26.0 " ,
30933096 " ecosystem" : " Go" ,
30943097 " image_origin_details" : {
30953098 " index" : 0
30963099 }
30973100 },
3098- " groups" : 20 ,
3101+ " groups" : 23 ,
30993102 " vulnerabilities" : [
3103+ " GO-2026-4599" ,
3104+ " GO-2026-4600" ,
31003105 " GO-2026-4601" ,
31013106 " GO-2026-4602" ,
31023107 " GO-2026-4603" ,
31033108 " GO-2026-4864" ,
31043109 " GO-2026-4865" ,
3110+ " GO-2026-4866" ,
31053111 " GO-2026-4869" ,
31063112 " GO-2026-4870" ,
31073113 " GO-2026-4918" ,
@@ -3123,26 +3129,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
31233129 },
31243130 {
31253131 " source" : {
3126- " path" : " /usr/lib/go-1.25 /pkg/tool/linux_amd64/asm" ,
3132+ " path" : " /usr/lib/go-1.26 /pkg/tool/linux_amd64/asm" ,
31273133 " type" : " artifact"
31283134 },
31293135 " packages" : [
31303136 {
31313137 " package" : {
31323138 " name" : " stdlib" ,
3133- " version" : " 1.25.7 " ,
3139+ " version" : " 1.26.0 " ,
31343140 " ecosystem" : " Go" ,
31353141 " image_origin_details" : {
31363142 " index" : 0
31373143 }
31383144 },
3139- " groups" : 20 ,
3145+ " groups" : 23 ,
31403146 " vulnerabilities" : [
3147+ " GO-2026-4599" ,
3148+ " GO-2026-4600" ,
31413149 " GO-2026-4601" ,
31423150 " GO-2026-4602" ,
31433151 " GO-2026-4603" ,
31443152 " GO-2026-4864" ,
31453153 " GO-2026-4865" ,
3154+ " GO-2026-4866" ,
31463155 " GO-2026-4869" ,
31473156 " GO-2026-4870" ,
31483157 " GO-2026-4918" ,
@@ -3164,26 +3173,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
31643173 },
31653174 {
31663175 " source" : {
3167- " path" : " /usr/lib/go-1.25 /pkg/tool/linux_amd64/compile" ,
3176+ " path" : " /usr/lib/go-1.26 /pkg/tool/linux_amd64/compile" ,
31683177 " type" : " artifact"
31693178 },
31703179 " packages" : [
31713180 {
31723181 " package" : {
31733182 " name" : " stdlib" ,
3174- " version" : " 1.25.7 " ,
3183+ " version" : " 1.26.0 " ,
31753184 " ecosystem" : " Go" ,
31763185 " image_origin_details" : {
31773186 " index" : 0
31783187 }
31793188 },
3180- " groups" : 20 ,
3189+ " groups" : 23 ,
31813190 " vulnerabilities" : [
3191+ " GO-2026-4599" ,
3192+ " GO-2026-4600" ,
31823193 " GO-2026-4601" ,
31833194 " GO-2026-4602" ,
31843195 " GO-2026-4603" ,
31853196 " GO-2026-4864" ,
31863197 " GO-2026-4865" ,
3198+ " GO-2026-4866" ,
31873199 " GO-2026-4869" ,
31883200 " GO-2026-4870" ,
31893201 " GO-2026-4918" ,
@@ -3205,26 +3217,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
32053217 },
32063218 {
32073219 " source" : {
3208- " path" : " /usr/lib/go-1.25 /pkg/tool/linux_amd64/link" ,
3220+ " path" : " /usr/lib/go-1.26 /pkg/tool/linux_amd64/link" ,
32093221 " type" : " artifact"
32103222 },
32113223 " packages" : [
32123224 {
32133225 " package" : {
32143226 " name" : " stdlib" ,
3215- " version" : " 1.25.7 " ,
3227+ " version" : " 1.26.0 " ,
32163228 " ecosystem" : " Go" ,
32173229 " image_origin_details" : {
32183230 " index" : 0
32193231 }
32203232 },
3221- " groups" : 20 ,
3233+ " groups" : 23 ,
32223234 " vulnerabilities" : [
3235+ " GO-2026-4599" ,
3236+ " GO-2026-4600" ,
32233237 " GO-2026-4601" ,
32243238 " GO-2026-4602" ,
32253239 " GO-2026-4603" ,
32263240 " GO-2026-4864" ,
32273241 " GO-2026-4865" ,
3242+ " GO-2026-4866" ,
32283243 " GO-2026-4869" ,
32293244 " GO-2026-4870" ,
32303245 " GO-2026-4918" ,
@@ -3246,26 +3261,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
32463261 },
32473262 {
32483263 " source" : {
3249- " path" : " /usr/lib/go-1.25 /pkg/tool/linux_amd64/vet" ,
3264+ " path" : " /usr/lib/go-1.26 /pkg/tool/linux_amd64/vet" ,
32503265 " type" : " artifact"
32513266 },
32523267 " packages" : [
32533268 {
32543269 " package" : {
32553270 " name" : " stdlib" ,
3256- " version" : " 1.25.7 " ,
3271+ " version" : " 1.26.0 " ,
32573272 " ecosystem" : " Go" ,
32583273 " image_origin_details" : {
32593274 " index" : 0
32603275 }
32613276 },
3262- " groups" : 20 ,
3277+ " groups" : 23 ,
32633278 " vulnerabilities" : [
3279+ " GO-2026-4599" ,
3280+ " GO-2026-4600" ,
32643281 " GO-2026-4601" ,
32653282 " GO-2026-4602" ,
32663283 " GO-2026-4603" ,
32673284 " GO-2026-4864" ,
32683285 " GO-2026-4865" ,
3286+ " GO-2026-4866" ,
32693287 " GO-2026-4869" ,
32703288 " GO-2026-4870" ,
32713289 " GO-2026-4918" ,
0 commit comments