Hi, I have built a custom Python Alpine image with my own glibc compiled on it. Then I compiled all Python packages on top. Basically, I got rid of all musl-based dependencies.
Now, when I run grype on this image, it still reports CVE-2024-9287. My current version of Python (3.13) has this vulnerability fixed. Other scanners like trivy, docker scout, and snyk do NOT report this CVE.
I wonder why grype would keep reporting it. I waited a while, thinking the grype db might need an update, but it seems like it has been updated for this CVE, yet I continue to see this for my image, which is a false positive.
How to reproduce it (as minimally and precisely as possible):
I am using a Mac (Sonoma).