chore: Add CVE template #2752
chore: Add CVE template #2752
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rexagod The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
|
This issue is currently awaiting triage. If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/M
| name: CVE report | ||
| about: Report a CVE detected in kube-state-metrics main branch | ||
| title: '' | ||
| labels: kind/cve |
There was a problem hiding this comment.
Introduced a new label to keep CVEs away from kind/bugs categorisation.
In an attempt to reduce the ticket churn we see from third-party detectors. Signed-off-by: Pranshu Srivastava <[email protected]>
rexagod
force-pushed
the
add-cve-template
branch
from
217aef6 to
973d7fc
Compare
rexagod
moved this from Needs Triage
to Needs Review (PR) or SIG Response (Issue)
in SIG Instrumentation
| --> | ||
|
|
||
| <!-- `govulncheck` data should include the command ran and should clearly mention the CVE in question in the logs --> | ||
|
|
There was a problem hiding this comment.
Let's add a checklist here
| [ ] I am aware that output from other scanners is high likely a false positive and the issue will be marked as spam. | |
| [ ] I have verified that govulncheck reports the vulnerability in the latest main |
|
|
||
| * kube-state-metrics version: | ||
| * Kubernetes version (use `kubectl version`): | ||
| * Cloud provider or hardware configuration: |
In an attempt to reduce the ticket churn we see from third-party detectors.
/cc @mrueg