fix: remediate scanner dependency vulnerabilities by yuzichen12123 · Pull Request #53 · AlaudaDevops/harbor-scanner-trivy

yuzichen12123 · 2026-06-02T11:10:41Z

Summary

Update vulnerable Go dependencies including containerd, OpenTelemetry, golang.org/x/crypto, and related transitive modules.
Align github.com/docker/docker to the Moby 28.x pseudo-version that contains the AuthZ backports.
Add .trivyignore entries for docker/docker advisories that are already fixed in that pseudo-version.

GOTOOLCHAIN=auto GOPROXY=https://proxy.golang.org,direct go test ./...
trivy fs --ignorefile .trivyignore go.mod with HIGH,CRITICAL severity: 0 vulnerabilities.
docker/docker MEDIUM,HIGH,CRITICAL hits under .trivyignore policy: 0.

fix: remediate scanner dependency vulnerabilities

eb787e1

yuzichen12123 merged commit 8e564de into alauda-v0.34.2 Jun 2, 2026
1 check passed

yuzichen12123 deleted the fix/harbor-vuln-remediation-20260602 branch June 2, 2026 11:30