Problem Statement/Rationale
We have run trivy security vulnerability scan and want to remediate the vulnerabilities detected.
We want to use the bitnami distribution of mongo ultimately but the bitnami automated pipelines would not detect the upstream release until it is remediated and released from the mongo db tools team.
Please help to remediate the vulnerabilities upgrading to the fixed versions and release.
Attached are the trivy scan reports for mongo and bitnami/mongo
Steps to Reproduce
command to run trivy scan:
trivy image --format template --template "@contrib/html.tpl" -o mongo_report.html mongo --ignore-unfixed
Expected Results
No vulnerabilites should be detected
Actual Results
Vulnerabilities are detected
Additional Notes
Any additional information that may be useful to include.