# Vulnerability Status

## Latest Scan Results
Vulnerability scan results are uploaded to GitHub Security (SARIF) after each weekly rescan and pre-release build.
View the latest results in the GitHub Security tab.
## Per-Image Status
| Image | SARIF Category | Status |
|---|---|---|
| postgres | vulnerability-scan/sbomify/postgres | Scanned weekly |
| redis | vulnerability-scan/sbomify/redis | Scanned weekly |
| minio | vulnerability-scan/sbomify/minio | Scanned weekly |
| sbomify-app | vulnerability-scan/sbomify/sbomify-app | Scanned weekly |
| sbomify-keycloak | vulnerability-scan/sbomify/sbomify-keycloak | Scanned weekly |
| sbomify-caddy-dev | vulnerability-scan/sbomify/sbomify-caddy-dev | Scanned weekly |
| sbomify-minio-init | vulnerability-scan/sbomify/sbomify-minio-init | Scanned weekly |
## How It Works

- The `rescan-vulnerabilities` workflow runs every Monday at 06:00 UTC
- It resolves the latest `sbomify-v*` release tag
- For each image, it extracts the SBOM from OCI attestations and scans it with Grype
- Results are uploaded as SARIF to GitHub Code Scanning
- New findings are triaged per the remediation SLA
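As an added example (not code from the sbomify project or its workflow), the script below shows the triage step: it compares this week's Grype SARIF output for an image with last week's and lists only the findings that are new, ordered by the `security-severity` score and bucketed the way GitHub Code Scanning buckets that score. The two SARIF documents are constructed inline with placeholder CVE ids to mirror Grype's SARIF layout; in practice both would be loaded from the SARIF files the workflow uploads, and all function names here are the example's own.

```python
"""Flag findings that are new in this week's Grype SARIF versus last week's scan of the same image."""
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (ruleId, artifact uri)


def rule_severity(run: dict) -> Dict[str, float]:
    """Map each ruleId to the security-severity score declared in the run's rule metadata."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: float(r.get("properties", {}).get("security-severity", 0)) for r in rules}


def finding_keys(sarif: dict) -> Dict[Key, float]:
    """Key results by (ruleId, uri) so the same CVE in two packages counts as two findings."""
    keys: Dict[Key, float] = {}
    for run in sarif.get("runs", []):
        sev = rule_severity(run)
        for res in run.get("results", []):
            for loc in res.get("locations") or [{}]:
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
                keys[(res["ruleId"], uri)] = sev.get(res["ruleId"], 0.0)
    return keys


def new_findings(previous: dict, current: dict) -> List[Tuple[str, str, float]]:
    """Return (ruleId, uri, score) for results present in `current` but not `previous`, worst first."""
    old, now = finding_keys(previous), finding_keys(current)
    delta = [(r, u, s) for (r, u), s in now.items() if (r, u) not in old]
    return sorted(delta, key=lambda t: (-t[2], t[0], t[1]))


def bucket(score: float) -> str:
    """Bucket a security-severity score the way GitHub Code Scanning does (9.0+ critical, 7.0+ high, 4.0+ medium)."""
    return "critical" if score >= 9.0 else "high" if score >= 7.0 else "medium" if score >= 4.0 else "low"


def make_sarif(findings) -> dict:
    """Build a minimal Grype-shaped SARIF document from (ruleId, score, uri) tuples (constructed data)."""
    rules = {r: {"id": r, "properties": {"security-severity": str(s)}} for r, s, _ in findings}
    results = [{"ruleId": r, "level": "error", "message": {"text": f"{r} in {u}"},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": u}}}]} for r, _, u in findings]
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "Grype", "rules": list(rules.values())}},
                                          "results": results}]}


# Constructed sample: placeholder CVE ids, not real advisories.
LAST_WEEK = make_sarif([("CVE-0000-0001-libexample", 7.5, "/usr/lib/libexample.so"),
                        ("CVE-0000-0002-libother", 5.3, "/usr/lib/libother.so")])
THIS_WEEK = make_sarif([("CVE-0000-0001-libexample", 7.5, "/usr/lib/libexample.so"),
                        ("CVE-0000-0001-libexample", 7.5, "/opt/vendor/libexample.so"),
                        ("CVE-0000-0003-libz", 9.8, "/lib/libz.so")])

if __name__ == "__main__":
    for rule, uri, score in new_findings(LAST_WEEK, THIS_WEEK):
        print(f"{bucket(score):8} {score:4.1f} {rule} {uri}")
```

Findings that disappeared since the previous scan (here the placeholder `CVE-0000-0002-libother`) are not reported, so the output is only the list that needs SLA triage.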