GitHub - chainguard-dev/test-remediation-packages: Wolfi package repository for testing CVE fixes

This is a Wolfi packages repository for testing our CVE remediation service.

Each directory contains a list of files which are required to build the listed APKs and a README file with information on how to fix its detected CVEs for these APKs.

To fix these CVEs, we have used the following CLI:

Usage:
  ai-cve-remediation [flags]
  ai-cve-remediation [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  version     Prints the version

Flags:
      --arch string                     chosen architecture for the package (default "aarch64")
      --build-package                   build the Wolfi package
      --dir string                      optional override to the local directory that contains the package.  Defaults to cloning Wolfi os packages repo into a temp folder
      --dry-run                         print the Wolfi package definition
      --gcs-scan-bucket-name string     GCS Scan Bucket name (default "grype-scan-results-wxavnszrsjp4")
      --github-organization string      git organization to package repository for Wolfi images (default "hectorj2f")
      --github-repository string        git repository to package repository for Wolfi images (default "os")
      --github-user-email string        github user email to create the pull request (default "hector@chainguard.dev")
      --github-username string          github username to create the pull request (default "hectorj2f")
  -h, --help                            help for ai-cve-remediation
      --image-ref string                image reference with the affected vulnerability (default "chainreg.biz/chainguard-private/vitess-lite@sha256:9048831be5854c4f741b6ac9dd1484a1d69920b11869ad4f82948867f6e3192f")
      --package-name string             Package name (default "vitess-20.0")
      --package-repo-ref string         Package repository branch name (default "main")
      --vuln-component-name string      vulnerability component name
      --vuln-component-version string   vulnerability component version
      --vuln-fixed-version string       vulnerability component fixed version
      --vuln-id string                  CVE-ID (default "GHSA-mwcw-c2x4-8c55")
      --vuln-type string                Component type affected by the vulnerability (e.g. java-archive, rust-crate, npm, gem, go-module, python (default "npm")

Use "ai-cve-remediation [command] --help" for more information about a command.

Run

./ai-cve-remediation --build-package=true --vuln-id=GHSA-gmj6-6f8f-6699 --vuln-type=python --image-ref=cgr.dev/chainguard-private/kubeflow-volumes-web-app@sha256:f9e189a0e2975d0829458409b510c15f858387b0cc2927b840ae251ea5cdec4f --github-repository=os --package-name=kubeflow-volumes-web-app

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
.github/chainguard		.github/chainguard
airflow-2.10.3-r0		airflow-2.10.3-r0
airflow-core		airflow-core
airflow		airflow
argo-workflows		argo-workflows
argocd-image-updater		argocd-image-updater
gitlab-runner-17.5		gitlab-runner-17.5
grafana-image-renderer		grafana-image-renderer
jitsucom-jitsu		jitsucom-jitsu
k3s		k3s
kibana-8		kibana-8
kubeflow-centraldashboard		kubeflow-centraldashboard
kubeflow-jupyter-web-app		kubeflow-jupyter-web-app
kubeflow-pipelines-visualization-server		kubeflow-pipelines-visualization-server
kubeflow-pipelines		kubeflow-pipelines
kubeflow-volumes-web-app		kubeflow-volumes-web-app
logstash-8		logstash-8
mlflow		mlflow
opensearch-dashboard-2		opensearch-dashboard-2
pipelines		pipelines
pulumi-language-java		pulumi-language-java
sqlpad		sqlpad
thingsboard		thingsboard
tileserver-gl		tileserver-gl
ts-patch		ts-patch
vitess-20.0		vitess-20.0
.yam.yaml		.yam.yaml
Makefile		Makefile
README.md		README.md
airflow-2.10.3-r0.yaml		airflow-2.10.3-r0.yaml
airflow-core.yaml		airflow-core.yaml
airflow.yaml		airflow.yaml
amass-4.2.0-r16.yaml		amass-4.2.0-r16.yaml
argo-workflows.yaml		argo-workflows.yaml
argocd-image-updater-0.15.2-r0.yaml		argocd-image-updater-0.15.2-r0.yaml
argocd-image-updater.yaml		argocd-image-updater.yaml
aws-efs-csi-driver-2.1.2-r2.yaml		aws-efs-csi-driver-2.1.2-r2.yaml
az-2.62.0-r0.yaml		az-2.62.0-r0.yaml
build-aarch64.env		build-aarch64.env
build-x86_64.env		build-x86_64.env
cert-exporter-2.14.0-r3.yaml		cert-exporter-2.14.0-r3.yaml
dgraph-24.0.5-r3.yaml		dgraph-24.0.5-r3.yaml
fluent-operator-3.2.0-r4.yaml		fluent-operator-3.2.0-r4.yaml
gatekeeper-3.18-3.18.2-r2.yaml		gatekeeper-3.18-3.18.2-r2.yaml
ggshield-1.17.3-r0.yaml		ggshield-1.17.3-r0.yaml
ggshield.yaml		ggshield.yaml
gitlab-runner-17.5.yaml		gitlab-runner-17.5.yaml
grafana-image-renderer.yaml		grafana-image-renderer.yaml
grafana-mimir-2.15.0-r2.yaml		grafana-mimir-2.15.0-r2.yaml
jitsucom-jitsu.yaml		jitsucom-jitsu.yaml
k3s-1.31.4.1-r1.yaml		k3s-1.31.4.1-r1.yaml
k3s.yaml		k3s.yaml
k8s-sidecar-0.yaml		k8s-sidecar-0.yaml
k8s-sidecar-1.24.6-r0.yaml		k8s-sidecar-1.24.6-r0.yaml
k8s-sidecar-1.26.1-r0.yaml		k8s-sidecar-1.26.1-r0.yaml
k8s-sidecar-1.27.4-r0.yaml		k8s-sidecar-1.27.4-r0.yaml
k8s-sidecar-1.27.4-r1.yaml		k8s-sidecar-1.27.4-r1.yaml
k8s-sidecar.yaml		k8s-sidecar.yaml
karpenter-1.1-1.1.1-r0.yaml		karpenter-1.1-1.1.1-r0.yaml
kibana-8.yaml		kibana-8.yaml
kserve-0.13.1-r2.yaml		kserve-0.13.1-r2.yaml
kubeflow-centraldashboard.yaml		kubeflow-centraldashboard.yaml
kubeflow-jupyter-web-app.yaml		kubeflow-jupyter-web-app.yaml
kubeflow-pipelines-visualization-server.yaml		kubeflow-pipelines-visualization-server.yaml
kubeflow-pipelines.yaml		kubeflow-pipelines.yaml
kubeflow-volumes-web-app.yaml		kubeflow-volumes-web-app.yaml
logstash-8.yaml		logstash-8.yaml
mlflow.yaml		mlflow.yaml
nats-0.1.5-r1.yaml		nats-0.1.5-r1.yaml
nfs-subdir-external-provisioner-4.0.18-r13.yaml		nfs-subdir-external-provisioner-4.0.18-r13.yaml
opensearch-dashboards-2-2.15.0-r1.yaml		opensearch-dashboards-2-2.15.0-r1.yaml
opensearch-dashboards-2-2.17.0-r0.yaml		opensearch-dashboards-2-2.17.0-r0.yaml
opensearch-dashboards-2.yaml		opensearch-dashboards-2.yaml
opentofu-1.9-1.9.0-r1.yaml		opentofu-1.9-1.9.0-r1.yaml
oras-1.2.1-r0.yaml		oras-1.2.1-r0.yaml
portieris-0.13.23-r1.yaml		portieris-0.13.23-r1.yaml
prometheus-podman-exporter-1.14.0-r2.yaml		prometheus-podman-exporter-1.14.0-r2.yaml
pulumi-language-java.yaml		pulumi-language-java.yaml
pulumi-language-yaml-1.13.0-r4.yaml		pulumi-language-yaml-1.13.0-r4.yaml
py3-cassandra-medusa-0.17.1-r2.yaml		py3-cassandra-medusa-0.17.1-r2.yaml
py3-cassandra-medusa-0.17.2-r0.yaml		py3-cassandra-medusa-0.17.2-r0.yaml
py3-cassandra-medusa-0.19.1-r0.yaml		py3-cassandra-medusa-0.19.1-r0.yaml
py3-cassandra-medusa-0.20.1-r0-2.yaml		py3-cassandra-medusa-0.20.1-r0-2.yaml
py3-cassandra-medusa-0.20.1-r0.yaml		py3-cassandra-medusa-0.20.1-r0.yaml
py3-cassandra-medusa-0.21.0-r2.yaml		py3-cassandra-medusa-0.21.0-r2.yaml
py3-cassandra-medusa-0.21.0-r3.yaml		py3-cassandra-medusa-0.21.0-r3.yaml
py3-cassandra-medusa-0.21.0-r4.yaml		py3-cassandra-medusa-0.21.0-r4.yaml
py3-cassandra-medusa-0.21.0-r5.yaml		py3-cassandra-medusa-0.21.0-r5.yaml
py3-cassandra-medusa-0.22.2-r0.yaml		py3-cassandra-medusa-0.22.2-r0.yaml
py3-cassandra-medusa-0.22.3-r0.yaml		py3-cassandra-medusa-0.22.3-r0.yaml
reflex-0.4.8-r0.yaml		reflex-0.4.8-r0.yaml
reflex-0.6.6-r0.yaml		reflex-0.6.6-r0.yaml
reflex0.4.yaml		reflex0.4.yaml
reflex0.6.yaml		reflex0.6.yaml
sqlpad.yaml		sqlpad.yaml
step-0.28.2-r4.yaml		step-0.28.2-r4.yaml
step-ca-0.28.1-r3.yaml		step-ca-0.28.1-r3.yaml
step-issuer-0.9.7-r0.yaml		step-issuer-0.9.7-r0.yaml
superset.yaml		superset.yaml
thingsboard.yaml		thingsboard.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Run

About

Releases

Packages

Contributors 3

Languages

chainguard-dev/test-remediation-packages

Folders and files

Latest commit

History

Repository files navigation

Run

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages