Container: step-report { "results": [ { "metadata": { "id": "quay.io/rhtap_qe/rhtap-qe-java-quarkus:0edd34ceebf23f1f2b86ab75bb15aa493c61b275@sha256:f43ec6244e11d483b7d0515c42e91dc3e7b4e2dda94719e05e5001c4240bdfc4", "additionalInfo": { "name": "quay.io/rhtap_qe/rhtap-qe-java-quarkus:0edd34ceebf23f1f2b86ab75bb15aa493c61b275@sha256:f43ec6244e11d483b7d0515c42e91dc3e7b4e2dda94719e05e5001c4240bdfc4", "type": "image" } }, "summary": { "CRITICAL": 0, "HIGH": 1, "LOW": 1, "MEDIUM": 0, "TOTAL": 2 }, "violatedPolicies": [ { "name": "Fixable Severity at least Important", "severity": "HIGH", "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", "violation": [ "Fixable CVE-2025-55163 (CVSS 7.5) (severity Important) found in component 'io.netty:netty-codec-http2' (version 4.1.118.Final), resolved by version 4.1.124.Final", "Fixable RHSA-2025:15700 (CVSS 8) (severity Important) found in component 'cups-libs' (version 1:2.3.3op2-33.el9), resolved by version 1:2.3.3op2-33.el9_6.1" ], "remediation": "Use your package manager to update to a fixed version in future builds or speak with your security team to mitigate the vulnerabilities.", "failingCheck": true }, { "name": "Red Hat Package Manager in Image", "severity": "LOW", "description": "Alert on deployments with components of the Red Hat/Fedora/CentOS package management system.", "violation": [ "Image includes component 'microdnf' (version 3.9.1-3.el9)", "Image includes component 'rpm' (version 4.16.1.3-37.el9)" ], "remediation": "Run `rpm -e --nodeps $(rpm -qa '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*')` in the image build for production containers.", "failingCheck": false } ] } ], "summary": { "CRITICAL": 0, "HIGH": 1, "LOW": 1, "MEDIUM": 0, "TOTAL": 2 } }