Forum Discussion
Solved
Vulnerabilities Introduced in CNAB after using cpa buildbundle
Hi, this is my first post here. I am following the instructions in the article https://learn.microsoft.com/en-us/partner-center/marketplace/azure-container-technical-assets-kubernetes?tabs=windo...
asif158 thanks for your question! We only scan the image inside the CNAB, and not the tool. so as long as the images are ok, it is fine.
Regarding the actual vulnerabilities - our team is looking into that right now and I will keep you updated here with any news.
Some good explanation of Trivy with Azure DevOps are available here: https://blog.rankiteo.com/devsecops-part-1-image-scanner-security/