Data for SBOM Document ID: 279bf08f-d6bb-4df9-b40d-a21e16031836

Timestamp: 2023-10-20T08:05:02+00:00
Signature: unsigned
Tool:
  Vendor: aquasecurity
  Name: trivy
  Version: 0.46.0
Component:
  bom-ref: pkg:oci/jenkins@sha256%3Ab728c15f3d9aa442b9ab5d6d6e75f2e5663e4a14f22dfcdac35f83245e76b343?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
  Type: container
  Name: jenkins/jenkins
  purl: pkg:oci/jenkins@sha256%3Ab728c15f3d9aa442b9ab5d6d6e75f2e5663e4a14f22dfcdac35f83245e76b343?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
  Properties:
  • aquasecurity:trivy:DiffID: sha256:2fa37f2ee66efbd308b9b91bce81c262f5e6ab6c3bf8056632afc60cc602785c,sha256:93d306fbcd08548145302670f69528fb86689837b2a28d3e713ce0000d791d09,sha256:48fc9ba1ebc77bdf80065c55131614512d96c9bcb78a9b5d483ceb9630df5def,sha256:29fdd158160f3782de76b98da1b8bf881db2107f012bcd75d3dba2a2cc209156,sha256:e2fc6bd9c7e538a9cd59af750c1e055a020bd8f3924a1de22f22704429b5d81a,sha256:d068ee3e0a4a0b8c62de5cbb260424c75521164870a0130df91ac7aec503a055,sha256:114e8faf059d073fc39a37d54e931c8eaea48ff688341cfabab5eab7d6e3bbde,sha256:10f9fead5e1bb5e47dd51fb3018783ef2e36428a95079fc43e4208a583570e05,sha256:724f0c40f1e714cf88316497a6fd0787f66b83c12f5aa64b87953ad37cfe2c13,sha256:27c4aaafe3d6c081b3adaf25ed0e8341a9c19c041b481374802c0324c1f2604c,sha256:05fb8a595b17421bb8374cae3e107001faf600830f62e2a5bcab21670586669e,sha256:68126eca054fe37c53870f4efbc780ae8a18967fb444cc190662d16ad1496264
  • aquasecurity:trivy:ImageID: sha256:892693e4fe3166280952abf6981fa9fb5b451c3be9ce3c689a7f708a6cf87546
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:b728c15f3d9aa442b9ab5d6d6e75f2e5663e4a14f22dfcdac35f83245e76b343
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components: 172

8.06 / 10

Vulnerability Severity Distribution

Total Vulnerabilities: 90
Critical: 10
High: 34
Medium: 17
Low: 10
None: 18

CVE-2024-5535
Severity: Critical

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client...

CVE-2022-41903
Severity: Critical

Git is distributed revision control system. `git log` can display commits in an arbitrary format usi...

CVE-2018-1126
Severity: Critical

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t...

CVE-2024-32002
Severity: Critical

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, ...

CVE-2018-17456
Severity: Critical

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2...

CVE-2018-19486
Severity: Critical

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' ...

CVE-2019-1353
Severity: Critical

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.1...

CVE-2022-23521
Severity: Critical

Git is distributed revision control system. gitattributes are a mechanism to allow defining attribut...

CVE-2014-9390
Severity: Critical

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2...

CVE-2015-7545
Severity: Critical

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x ...

CVE-2019-19604
Severity: High

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2....

CVE-2020-5260
Severity: High

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private creden...

CVE-2019-1352
Severity: High

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, ...

CVE-2022-39260
Severity: High

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted lo...

CVE-2014-9938
Severity: High

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 varia...

Structural

Average: 10.0

# Description Score
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.8

# Description Score
1 150/173 have supplier names 8.7
2 173/173 have names 10.0
3 172/173 have versions 9.9
4 173/173 have unique ID's 10.0
5 doc has 22 dependencies 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2023-10-20T08:05:02+00:00 10.0

Semantic

Average: 6.1

# Description Score
1 Doc Fields:true Pkg Fields:true 10.0
2 143/173 have licenses 8.3
3 0/173 have checksums 0.0

Quality

Average: 7.3

# Description Score
1 138/173 components with valid license 5.9
2 173/173 components have primary purpose specified 10.0
3 126/173 components have deprecated licenses 2.7
4 0/173 components have restricted licenses 10.0
5 172/173 components have any lookup id 9.9
6 0/173 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score
1 doc has a sharable license free 0 :: of 0 0.0