Common Vulnerabilities and Exposures (CVE) Reports - Armory Plugins

Please note that all CVE Reports are classified as Armory Confidential and Proprietary Information, and should not be shared outside of a customer's organization.  The documents fall under the customer's MSA and NDA agreements. As a part of our commitment to providing transparency to our customers, Armory periodically provides CVE reports for Plugins.   Armory currently uses Aqua Security to scan images for vulnerabilities. AquaSec scans are the only scans that Armory can process, as our Engineers can test the efficacy of any changes by rerunning scans to ensure the resolution of the identified vulnerabilities.   Armory runs Aqua Security scans on code throughout the continuous integration (CI) process and runs scans for all new releases. For more information on our Vulnerability Management Policy, please visit our KB article on the subject.

CVE Reports

The most recent CVE Reports from Aqua Security are available as attachments below the article.  

Armory CDSH CVE Reports

To find Armory CVE Reports for the CDSH product, please visit our KB article, Common Vulnerabilities and Exposures (CVE) Reports - Armory Continuous Delivery