There are 26 vulnerabilities in this image, ranging from negligible to medium severity. Grype lets us know if a fix is available from a distribution package, and gives us the CVE number for further review.
First class SIF support in syft opens up new, easier workflows for vulnerability scanning of Singularity containers, as well inventory / audit processes that are increasingly important to users and institutions focused on supply chain security.
We’d like to thank Anchore for all of their help in landing support for SIF in stereoscope and Syft. Sylabs is committed to working with prominent projects in the OCI world, so that users can benefit from the unique features of SIF, while leveraging tools from the wider OCI ecosystem.