Highlights
- Filter CVEs listed in the CISA Known Exploited Vulnerabilities catalog.
uses: docker/scout-action@v1 with: command: cves image: [IMAGE] only-cisa-kev: true
Bug Fixes / Improvements
- Allow VEX matching when no subcomponents.
- Fix panic when attaching an invalid VEX document.
- Fix SPDX document root.
- Fix base image detection when image uses SCRATCH as the base image.
Contributors
