A Kubernetes component of Argo CD responsible for rendering and generating Kubernetes manifests from Git repositories, supporting Helm, Kustomize, and other configuration management tools to enable declarative GitOps deployments.
Getting Started
To pull the image:
docker pull registry.hardened.eu/library/argocd-repo-server:latest
Verifying Image Signatures
All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:
Save the public key:
cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL
Verify the image signature:
cosign verify --key hardened.pub registry.hardened.eu/library/argocd-repo-server:latest
The verification will show the signature details and confirm the image’s authenticity.
To verify the SBOM, run the following command:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/argocd-repo-server:latest
To download the SBOM, run the same command and decode it:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/argocd-repo-server:latest | jq -r .payload | base64 -d | jq -r .predicate > argocd-repo-server-spdx.json
Trademarks
This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.
The latest tag is only public. Contact us for detailed information.
| Hash | Tag | Size (compressed) | Last updated | Actions |
|---|---|---|---|---|
| sha256:1a2530e48d948... |
latest
x86_64
|
112.00 MB | 13:51:13 24/10/2025 UTC (Calculating...) | |
| •••••••••••• | •••••••••••• | •••••••••••• | •••••••••••• | Contact Hardened |
Showing 479 packages
| Package | Version | License |
|---|---|---|
| alpine-os-release | 3.22-r2 | MIT |
| argo-cd-3.1-compat | 3.1.9-r2 | Apache-2.0 |
| argo-cd-3.1-repo-server | 3.1.9-r2 | Apache-2.0 |
| brotli-libs | 1.1.0-r2 | MIT |
| busybox | 1.37.0-r24 | GPL-2.0-only |
| busybox-binsh | 1.37.0-r24 | GPL-2.0-only |
| c-ares | 1.34.5-r0 | MIT |
| ca-certificates-bundle | 20250911-r0 | (MPL-2.0 AND MIT) |
| cloud.google.com/go/auth | v0.15.0 | - |
| cloud.google.com/go/auth/oauth2adapt | v0.2.7 | - |
| cloud.google.com/go/compute/metadata | v0.6.0 | - |
| code.gitea.io/sdk/gitea | v0.21.0 | - |
| cyrus-sasl | 2.1.28-r9 | (BSD-3-Clause-Attribution AND BSD-4-Clause) |
| dario.cat/mergo | v1.0.1 | - |
| dario.cat/mergo | v1.0.2 | - |
| gdbm | 1.26-r0 | GPL-3.0-or-later |
| git | 2.51.1-r1 | GPL-2.0-only |
| git-lfs | 3.7.0-r3 | MIT |
| github.com/42wim/httpsig | v1.2.2 | - |
| github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.18.0 | - |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity | v1.10.1 | - |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache | v0.3.2 | - |
| github.com/Azure/azure-sdk-for-go/sdk/internal | v1.11.1 | - |
| github.com/Azure/go-autorest/autorest | v0.11.29 | - |
| github.com/Azure/go-autorest/autorest/adal | v0.9.23 | - |
| github.com/Azure/go-autorest/autorest/date | v0.3.0 | - |
| github.com/Azure/go-autorest/logger | v0.2.1 | - |
| github.com/Azure/go-autorest/tracing | v0.6.0 | - |
| github.com/Azure/kubelogin | v0.2.8 | - |
| github.com/AzureAD/microsoft-authentication-extensions-for-go/cache | v0.1.1 | - |
| github.com/AzureAD/microsoft-authentication-library-for-go | v1.4.2 | - |
| github.com/BurntSushi/toml | v1.5.0 | - |
| github.com/MakeNowJust/heredoc | v1.0.0 | - |
| github.com/Masterminds/goutils | v1.1.1 | - |
| github.com/Masterminds/semver/v3 | v3.3.1 | - |
| github.com/Masterminds/semver/v3 | v3.4.0 | - |
| github.com/Masterminds/sprig/v3 | v3.3.0 | - |
| github.com/Masterminds/squirrel | v1.5.4 | - |
| github.com/Masterminds/vcs | v1.13.3 | - |
| github.com/OvyFlash/telegram-bot-api | v0.0.0-20241219171906-3f2ca0c14ada | - |
| github.com/PagerDuty/go-pagerduty | v1.8.0 | - |
| github.com/ProtonMail/go-crypto | v1.1.6 | - |
| github.com/RocketChat/Rocket.Chat.Go.SDK | v0.0.0-20240116134246-a8cbe886bab0 | - |
| github.com/TomOnTime/utfutil | v1.0.0 | - |
| github.com/alicebob/miniredis/v2 | v2.35.0 | - |
| github.com/argoproj/argo-cd/v3 | v3.1.9 | - |
| github.com/argoproj/gitops-engine | v0.7.1-0.20250905160054-e48120133eec | - |
| github.com/argoproj/notifications-engine | v0.4.1-0.20250309174002-87bf0576a872 | - |
| github.com/argoproj/pkg | v0.13.6 | - |
| github.com/argoproj/pkg/v2 | v2.0.1 | - |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | - |
| github.com/aws/aws-sdk-go | v1.55.7 | - |
| github.com/aws/aws-sdk-go-v2 | v1.36.3 | - |
| github.com/aws/aws-sdk-go-v2/config | v1.29.9 | - |
| github.com/aws/aws-sdk-go-v2/credentials | v1.17.62 | - |
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds | v1.16.30 | - |
| github.com/aws/aws-sdk-go-v2/internal/configsources | v1.3.34 | - |
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 | v2.6.34 | - |
| github.com/aws/aws-sdk-go-v2/internal/ini | v1.8.3 | - |
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding | v1.12.3 | - |
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url | v1.12.15 | - |
| github.com/aws/aws-sdk-go-v2/service/sqs | v1.38.1 | - |
| github.com/aws/aws-sdk-go-v2/service/sso | v1.25.1 | - |
| github.com/aws/aws-sdk-go-v2/service/ssooidc | v1.29.1 | - |
| github.com/aws/aws-sdk-go-v2/service/sts | v1.33.17 | - |
| github.com/aws/smithy-go | v1.22.2 | - |
| github.com/beorn7/perks | v1.0.1 | - |
| github.com/blang/semver/v4 | v4.0.0 | - |
| github.com/bmatcuk/doublestar/v4 | v4.8.1 | - |
| github.com/bombsimon/logrusr/v4 | v4.1.0 | - |
| github.com/bradleyfalzon/ghinstallation/v2 | v2.16.0 | - |
| github.com/casbin/casbin/v2 | v2.107.0 | - |
| github.com/casbin/govaluate | v1.7.0 | - |
| github.com/cenkalti/backoff/v4 | v4.3.0 | - |
| github.com/cenkalti/backoff/v5 | v5.0.2 | - |
| github.com/cespare/xxhash/v2 | v2.3.0 | - |
| github.com/chai2010/gettext-go | v1.0.2 | - |
| github.com/chai2010/gettext-go | v1.0.3 | - |
| github.com/chainguard-dev/git-urls | v1.0.2 | - |
| github.com/cloudflare/circl | v1.6.1 | - |
| github.com/containerd/containerd | v1.7.28 | - |
| github.com/containerd/errdefs | v0.3.0 | - |
| github.com/containerd/log | v0.1.0 | - |
| github.com/containerd/platforms | v0.2.1 | - |
| github.com/coreos/go-oidc/v3 | v3.14.1 | - |
| github.com/cpuguy83/go-md2man/v2 | v2.0.6 | - |
| github.com/cyphar/filepath-securejoin | v0.4.1 | - |
| github.com/davecgh/go-spew | v1.1.1 | - |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | - |
| github.com/desertbit/timer | v1.0.1 | - |
| github.com/dgryski/go-rendezvous | v0.0.0-20200823014737-9f7001d12a5f | - |
| github.com/distribution/reference | v0.6.0 | - |
| github.com/dlclark/regexp2 | v1.11.5 | - |
| github.com/dpotapov/go-spnego | v0.0.0-20210315154721-298b63a54430 | - |
| github.com/dustin/go-humanize | v1.0.1 | - |
| github.com/emicklei/go-restful/v3 | v3.11.0 | - |
| github.com/emicklei/go-restful/v3 | v3.12.2 | - |
| github.com/emirpasic/gods | v1.18.1 | - |
| github.com/evanphx/json-patch | v5.9.11+incompatible | - |
| github.com/evanphx/json-patch/v5 | v5.9.11 | - |
| github.com/exponent-io/jsonpath | v0.0.0-20210407135951-1de76d718b3f | - |
| github.com/expr-lang/expr | v1.17.5 | - |
| github.com/fatih/camelcase | v1.0.0 | - |
| github.com/fatih/color | v1.13.0 | - |
| github.com/felixge/httpsnoop | v1.0.4 | - |
| github.com/fsnotify/fsnotify | v1.9.0 | - |
| github.com/fxamacker/cbor/v2 | v2.7.0 | - |
| github.com/fxamacker/cbor/v2 | v2.8.0 | - |
| github.com/fxamacker/cbor/v2 | v2.9.0 | - |
| github.com/gfleury/go-bitbucket-v1 | v0.0.0-20240917142304-df385efaac68 | - |
| github.com/git-lfs/git-lfs/v3 | - | - |
| github.com/git-lfs/gitobj/v2 | v2.1.1 | - |
| github.com/git-lfs/go-netrc | v0.0.0-20250218165306-ba0029b43d11 | - |
| github.com/git-lfs/pktline | v0.0.0-20210330133718-06e9096e2825 | - |
| github.com/git-lfs/wildmatch/v2 | v2.0.1 | - |
| github.com/go-errors/errors | v1.4.2 | - |
| github.com/go-errors/errors | v1.5.1 | - |
| github.com/go-fed/httpsig | v1.1.0 | - |
| github.com/go-git/gcfg | v1.5.1-0.20230307220236-3a3c6141e376 | - |
| github.com/go-git/go-billy/v5 | v5.6.2 | - |
| github.com/go-git/go-git/v5 | v5.14.0 | - |
| github.com/go-gorp/gorp/v3 | v3.1.0 | - |
| github.com/go-jose/go-jose/v4 | v4.1.2 | - |
| github.com/go-logr/logr | v1.4.2 | - |
| github.com/go-logr/logr | v1.4.3 | - |
| github.com/go-logr/stdr | v1.2.2 | - |
| github.com/go-openapi/analysis | v0.23.0 | - |
| github.com/go-openapi/errors | v0.22.0 | - |
| github.com/go-openapi/jsonpointer | v0.21.0 | - |
| github.com/go-openapi/jsonpointer | v0.21.1 | - |
| github.com/go-openapi/jsonreference | v0.20.2 | - |
| github.com/go-openapi/jsonreference | v0.21.0 | - |
| github.com/go-openapi/loads | v0.22.0 | - |
| github.com/go-openapi/runtime | v0.28.0 | - |
| github.com/go-openapi/spec | v0.21.0 | - |
| github.com/go-openapi/strfmt | v0.23.0 | - |
| github.com/go-openapi/swag | v0.23.0 | - |
| github.com/go-openapi/swag | v0.23.1 | - |
| github.com/go-openapi/validate | v0.24.0 | - |
| github.com/go-playground/webhooks/v6 | v6.4.0 | - |
| github.com/go-redis/cache/v9 | v9.0.0 | - |
| github.com/gobwas/glob | v0.2.3 | - |
| github.com/gofrs/flock | v0.12.1 | - |
| github.com/gogits/go-gogs-client | v0.0.0-20210131175652-1d7215cd8d85 | - |
| github.com/gogo/protobuf | v1.3.2 | - |
| github.com/golang-jwt/jwt/v4 | v4.5.2 | - |
| github.com/golang-jwt/jwt/v5 | v5.2.2 | - |
| github.com/golang/groupcache | v0.0.0-20241129210726-2c02b8208cf8 | - |
| github.com/golang/protobuf | v1.5.4 | - |
| github.com/google/btree | v1.1.3 | - |
| github.com/google/gnostic-models | v0.6.9 | - |
| github.com/google/gnostic-models | v0.7.0 | - |
| github.com/google/go-cmp | v0.7.0 | - |
| github.com/google/go-github/v69 | v69.2.0 | - |
| github.com/google/go-github/v72 | v72.0.0 | - |
| github.com/google/go-jsonnet | v0.21.0 | - |
| github.com/google/go-querystring | v1.1.0 | - |
| github.com/google/s2a-go | v0.1.9 | - |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | - |
| github.com/google/uuid | v1.6.0 | - |
| github.com/google/uuid | v1.6.1-0.20241114170450-2d3c2a9cc518 | - |
| github.com/googleapis/enterprise-certificate-proxy | v0.3.4 | - |
| github.com/googleapis/gax-go/v2 | v2.14.1 | - |
| github.com/gorilla/handlers | v1.5.2 | - |
| github.com/gorilla/websocket | v1.5.4-0.20250319132907-e064f32e3674 | - |
| github.com/gosimple/slug | v1.15.0 | - |
| github.com/gosimple/unidecode | v1.0.1 | - |
| github.com/gosuri/uitable | v0.0.4 | - |
| github.com/gregdel/pushover | v1.3.1 | - |
| github.com/gregjones/httpcache | v0.0.0-20190611155906-901d90724c79 | - |
| github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus | v1.1.0 | - |
| github.com/grpc-ecosystem/go-grpc-middleware/v2 | v2.3.2 | - |
| github.com/grpc-ecosystem/grpc-gateway | v1.16.0 | - |
| github.com/grpc-ecosystem/grpc-gateway/v2 | v2.26.3 | - |
| github.com/hashicorp/errwrap | v1.1.0 | - |
| github.com/hashicorp/go-cleanhttp | v0.5.2 | - |
| github.com/hashicorp/go-multierror | v1.1.1 | - |
| github.com/hashicorp/go-retryablehttp | v0.7.7 | - |
| github.com/hashicorp/go-uuid | v1.0.2 | - |
| github.com/hashicorp/go-version | v1.7.0 | - |
| github.com/huandu/xstrings | v1.5.0 | - |
| github.com/improbable-eng/grpc-web | v0.15.1-0.20230209220825-1d9bbb09a099 | - |
| github.com/itchyny/gojq | v0.12.17 | - |
| github.com/itchyny/timefmt-go | v0.1.6 | - |
| github.com/jbenet/go-context | v0.0.0-20150711004518-d14ea06fba99 | - |
| github.com/jcmturner/aescts/v2 | v2.0.0 | - |
| github.com/jcmturner/dnsutils/v2 | v2.0.0 | - |
| github.com/jcmturner/gofork | v1.0.0 | - |
| github.com/jcmturner/goidentity/v6 | v6.0.1 | - |
| github.com/jcmturner/gokrb5/v8 | v8.4.2 | - |
| github.com/jcmturner/rpc/v2 | v2.0.3 | - |
| github.com/jeremywohl/flatten | v1.0.2-0.20211013061545-07e4a09fb8e4 | - |
| github.com/jmespath/go-jmespath | v0.4.0 | - |
| github.com/jmhodges/clock | v1.2.0 | - |
| github.com/jmoiron/sqlx | v1.4.0 | - |
| github.com/jonboulle/clockwork | v0.4.0 | - |
| github.com/jonboulle/clockwork | v0.5.0 | - |
| github.com/josharian/intern | v1.0.0 | - |
| github.com/json-iterator/go | v1.1.12 | - |
| github.com/kballard/go-shellquote | v0.0.0-20180428030007-95032a82bc51 | - |
| github.com/kevinburke/ssh_config | v1.2.0 | - |
| github.com/klauspost/compress | v1.18.0 | - |
| github.com/ktrysmt/go-bitbucket | v0.9.86 | - |
| github.com/kylelemons/godebug | v1.1.0 | - |
| github.com/lann/builder | v0.0.0-20180802200727-47ae307949d0 | - |
| github.com/lann/ps | v0.0.0-20150810152359-62de8c46ede0 | - |
| github.com/leonelquinteros/gotext | v1.5.0 | - |
| github.com/lib/pq | v1.10.9 | - |
| github.com/liggitt/tabwriter | v0.0.0-20181228230101-89fcab3d43de | - |
| github.com/lithammer/dedent | v1.1.0 | - |
| github.com/mailru/easyjson | v0.7.7 | - |
| github.com/mailru/easyjson | v0.9.0 | - |
| github.com/mattn/go-colorable | v0.1.13 | - |
| github.com/mattn/go-isatty | v0.0.17 | - |
| github.com/mattn/go-isatty | v0.0.20 | - |
| github.com/mattn/go-isatty | v0.0.4 | - |
| github.com/mattn/go-runewidth | v0.0.9 | - |
| github.com/mattn/go-zglob | v0.0.6 | - |
| github.com/microsoft/azure-devops-go-api/azuredevops/v7 | v7.1.1-0.20241014080628-3045bdf43455 | - |
| github.com/minio/blake2b-simd | v0.0.0-20160723061019-3f5f724cb5b1 | - |
| github.com/mitchellh/copystructure | v1.2.0 | - |
| github.com/mitchellh/go-wordwrap | v1.0.1 | - |
| github.com/mitchellh/mapstructure | v1.5.0 | - |
| github.com/mitchellh/reflectwalk | v1.0.2 | - |
| github.com/moby/spdystream | v0.5.0 | - |
| github.com/moby/term | v0.5.0 | - |
| github.com/moby/term | v0.5.2 | - |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | - |
| github.com/modern-go/reflect2 | v1.0.2 | - |
| github.com/modern-go/reflect2 | v1.0.3-0.20250322232337-35a7c28c31ee | - |
| github.com/monochromegane/go-gitignore | v0.0.0-20200626010858-205db1a8cc00 | - |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | - |
| github.com/mxk/go-flowrate | v0.0.0-20140419014527-cca7078d478f | - |
| github.com/oklog/ulid | v1.3.1 | - |
| github.com/olekukonko/ts | v0.0.0-20171002115256-78ecb04241c0 | - |
| github.com/opencontainers/go-digest | v1.0.0 | - |
| github.com/opencontainers/image-spec | v1.1.1 | - |
| github.com/opsgenie/opsgenie-go-sdk-v2 | v1.2.23 | - |
| github.com/patrickmn/go-cache | v2.1.1-0.20191004192108-46f407853014+incompatible | - |
| github.com/peterbourgon/diskv | v2.0.1+incompatible | - |
| github.com/pjbgf/sha1cd | v0.3.2 | - |
| github.com/pkg/browser | v0.0.0-20240102092130-5ac0b6a4141c | - |
| github.com/pkg/errors | v0.0.0-20170505043639-c605e284fe17 | - |
| github.com/pkg/errors | v0.9.1 | - |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | - |
| github.com/prometheus/client_golang | v1.22.0 | - |
| github.com/prometheus/client_model | v0.6.1 | - |
| github.com/prometheus/client_model | v0.6.2 | - |
| github.com/prometheus/common | v0.62.0 | - |
| github.com/prometheus/common | v0.64.0 | - |
| github.com/prometheus/procfs | v0.15.1 | - |
| github.com/prometheus/procfs | v0.16.1 | - |
| github.com/r3labs/diff/v3 | v3.0.1 | - |
| github.com/redis/go-redis/v9 | v9.8.0 | - |
| github.com/robfig/cron/v3 | v3.0.2-0.20210106135023-bc59245fe10e | - |
| github.com/rs/cors | v1.11.1 | - |
| github.com/rubenv/sql-migrate | v1.8.0 | - |
| github.com/rubyist/tracerx | v0.0.0-20170927163412-787959303086 | - |
| github.com/russross/blackfriday/v2 | v2.1.0 | - |
| github.com/santhosh-tekuri/jsonschema/v6 | v6.0.2 | - |
| github.com/sergi/go-diff | v1.2.0 | - |
| github.com/sergi/go-diff | v1.3.2-0.20230802210424-5b0b94c5c0d3 | - |
| github.com/shopspring/decimal | v1.4.0 | - |
| github.com/sirupsen/logrus | v1.9.3 | - |
| github.com/skeema/knownhosts | v1.3.1 | - |
| github.com/skratchdot/open-golang | v0.0.0-20200116055534-eef842397966 | - |
| github.com/slack-go/slack | v0.16.0 | - |
| github.com/soheilhy/cmux | v0.1.5 | - |
| github.com/spf13/cast | v1.7.0 | - |
| github.com/spf13/cast | v1.7.1 | - |
| github.com/spf13/cobra | v1.10.1 | - |
| github.com/spf13/cobra | v1.7.0 | - |
| github.com/spf13/cobra | v1.8.0 | - |
| github.com/spf13/cobra | v1.8.1 | - |
| github.com/spf13/cobra | v1.9.1 | - |
| github.com/spf13/pflag | v1.0.5 | - |
| github.com/spf13/pflag | v1.0.6 | - |
| github.com/spf13/pflag | v1.0.9 | - |
| github.com/ssgelm/cookiejarparser | v1.0.1 | - |
| github.com/stretchr/testify | v1.10.0 | - |
| github.com/valyala/bytebufferpool | v1.0.0 | - |
| github.com/valyala/fasttemplate | v1.2.2 | - |
| github.com/vmihailenco/go-tinylfu | v0.2.2 | - |
| github.com/vmihailenco/msgpack/v5 | v5.4.1 | - |
| github.com/vmihailenco/tagparser/v2 | v2.0.0 | - |
| github.com/x448/float16 | v0.8.4 | - |
| github.com/xanzy/ssh-agent | v0.3.3 | - |
| github.com/xlab/treeprint | v1.2.0 | - |
| github.com/yuin/gopher-lua | v1.1.1 | - |
| gitlab.com/gitlab-org/api/client-go | v0.130.1 | - |
| gmp | 6.3.0-r4 | (LGPL-3.0-or-later OR GPL-2.0-or-later) |
| gnupg | 2.4.8-r1 | GPL-3.0-or-later |
| gnupg-dirmngr | 2.4.8-r1 | GPL-3.0-or-later |
| gnupg-gpgconf | 2.4.8-r1 | GPL-3.0-or-later |
| gnupg-keyboxd | 2.4.8-r1 | GPL-3.0-or-later |
| gnupg-utils | 2.4.8-r1 | GPL-3.0-or-later |
| gnupg-wks-client | 2.4.8-r1 | GPL-3.0-or-later |
| gnutls | 3.8.8-r0 | LGPL-2.1-or-later |
| go.mongodb.org/mongo-driver | v1.17.1 | - |
| go.opentelemetry.io/auto/sdk | v1.1.0 | - |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.60.0 | - |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.59.0 | - |
| go.opentelemetry.io/otel | v1.33.0 | - |
| go.opentelemetry.io/otel | v1.36.0 | - |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.36.0 | - |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.36.0 | - |
| go.opentelemetry.io/otel/metric | v1.36.0 | - |
| go.opentelemetry.io/otel/sdk | v1.36.0 | - |
| go.opentelemetry.io/otel/trace | v1.33.0 | - |
| go.opentelemetry.io/otel/trace | v1.36.0 | - |
| go.opentelemetry.io/proto/otlp | v1.6.0 | - |
| go.uber.org/automaxprocs | v1.6.0 | - |
| go.yaml.in/yaml/v2 | v2.4.2 | - |
| go.yaml.in/yaml/v3 | v3.0.3 | - |
| go.yaml.in/yaml/v3 | v3.0.4 | - |
| golang.org/x/crypto | v0.39.0 | - |
| golang.org/x/crypto | v0.41.0 | - |
| golang.org/x/crypto | v0.42.0 | - |
| golang.org/x/net | v0.38.0 | - |
| golang.org/x/net | v0.41.0 | - |
| golang.org/x/net | v0.42.0 | - |
| golang.org/x/net | v0.43.0 | - |
| golang.org/x/oauth2 | v0.27.0 | - |
| golang.org/x/oauth2 | v0.30.0 | - |
| golang.org/x/sync | v0.12.0 | - |
| golang.org/x/sync | v0.15.0 | - |
| golang.org/x/sync | v0.16.0 | - |
| golang.org/x/sync | v0.17.0 | - |
| golang.org/x/sys | v0.31.0 | - |
| golang.org/x/sys | v0.33.0 | - |
| golang.org/x/sys | v0.35.0 | - |
| golang.org/x/sys | v0.36.0 | - |
| golang.org/x/term | v0.30.0 | - |
| golang.org/x/term | v0.32.0 | - |
| golang.org/x/term | v0.34.0 | - |
| golang.org/x/text | v0.21.0 | - |
| golang.org/x/text | v0.23.0 | - |
| golang.org/x/text | v0.26.0 | - |
| golang.org/x/text | v0.28.0 | - |
| golang.org/x/text | v0.30.0 | - |
| golang.org/x/time | v0.12.0 | - |
| golang.org/x/time | v0.9.0 | - |
| gomodules.xyz/envconfig | v1.3.1-0.20190308184047-426f31af0d45 | - |
| gomodules.xyz/jsonpatch/v2 | v2.4.0 | - |
| gomodules.xyz/notify | v0.1.1 | - |
| google.golang.org/api | v0.223.0 | - |
| google.golang.org/genproto | v0.0.0-20240213162025-012b6fc9bca9 | - |
| google.golang.org/genproto/googleapis/api | v0.0.0-20250519155744-55703ea1f237 | - |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20250303144028-a0af3efb3deb | - |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20250519155744-55703ea1f237 | - |
| google.golang.org/grpc | v1.72.1 | - |
| google.golang.org/grpc | v1.73.0 | - |
| google.golang.org/protobuf | v1.36.1 | - |
| google.golang.org/protobuf | v1.36.5 | - |
| google.golang.org/protobuf | v1.36.6 | - |
| gopkg.in/evanphx/json-patch.v4 | v4.12.0 | - |
| gopkg.in/gomail.v2 | v2.0.0-20160411212932-81ebce5c23df | - |
| gopkg.in/inf.v0 | v0.9.1 | - |
| gopkg.in/warnings.v0 | v0.1.2 | - |
| gopkg.in/yaml.v2 | v2.4.0 | - |
| gopkg.in/yaml.v3 | v3.0.1 | - |
| gpg | 2.4.8-r1 | GPL-3.0-or-later |
| gpg-agent | 2.4.8-r1 | GPL-3.0-or-later |
| gpg-wks-server | 2.4.8-r1 | GPL-3.0-or-later |
| gpgsm | 2.4.8-r1 | GPL-3.0-or-later |
| gpgv | 2.4.8-r1 | GPL-3.0-or-later |
| heimdal-libs | 7.8.0-r5 | BSD-3-Clause |
| helm | 3.19.0-r0 | Apache-2.0 |
| helm.sh/helm/v3 | v0.0.0-20250905035149-3d8990f08366 | - |
| k8s.io/api | - | - |
| k8s.io/api | v0.33.1 | - |
| k8s.io/api | v0.34.0 | - |
| k8s.io/apiextensions-apiserver | v0.33.1 | - |
| k8s.io/apiextensions-apiserver | v0.34.0 | - |
| k8s.io/apimachinery | - | - |
| k8s.io/apimachinery | v0.33.1 | - |
| k8s.io/apimachinery | v0.34.0 | - |
| k8s.io/apiserver | v0.33.1 | - |
| k8s.io/apiserver | v0.34.0 | - |
| k8s.io/cli-runtime | - | - |
| k8s.io/cli-runtime | v0.33.1 | - |
| k8s.io/cli-runtime | v0.34.0 | - |
| k8s.io/client-go | - | - |
| k8s.io/client-go | v0.33.1 | - |
| k8s.io/client-go | v0.34.0 | - |
| k8s.io/component-base | - | - |
| k8s.io/component-base | v0.33.1 | - |
| k8s.io/component-base | v0.34.0 | - |
| k8s.io/component-helpers | - | - |
| k8s.io/component-helpers | v0.33.1 | - |
| k8s.io/controller-manager | v0.33.1 | - |
| k8s.io/klog/v2 | v2.130.1 | - |
| k8s.io/kube-aggregator | v0.33.1 | - |
| k8s.io/kube-openapi | v0.0.0-20241212222426-2c72e554b1e7 | - |
| k8s.io/kube-openapi | v0.0.0-20250318190949-c8a335a9a2ff | - |
| k8s.io/kube-openapi | v0.0.0-20250610211856-8b98d1ed966a | - |
| k8s.io/kube-openapi | v0.0.0-20250710124328-f3f2b991d03b | - |
| k8s.io/kubectl | - | - |
| k8s.io/kubectl | v0.33.1 | - |
| k8s.io/kubectl | v0.34.0 | - |
| k8s.io/kubernetes | v1.33.4 | - |
| k8s.io/kubernetes | v1.33.5+dirty | - |
| k8s.io/metrics | - | - |
| k8s.io/utils | v0.0.0-20241104100929-3ea5e8cea738 | - |
| k8s.io/utils | v0.0.0-20250604170112-4c0f3b243397 | - |
| krb5-conf | 1.0-r2 | MIT |
| kubectl-1.33 | 1.33.5-r1 | Apache-2.0 |
| kubectl-1.33-default | 1.33.5-r1 | Apache-2.0 |
| kustomize | 5.7.1-r3 | Apache-2.0 |
| layeh.com/gopher-json | v0.0.0-20190114024228-97fed8db8427 | - |
| libassuan | 3.0.2-r0 | LGPL-2.1-or-later |
| libbz2 | 1.0.8-r6 | bzip2-1.0.6 |
| libcom_err | 1.47.3-r0 | (GPL-2.0-or-later AND LGPL-2.0-or-later AND BSD-3-Clause AND MIT) |
| libcrypto3 | 3.5.4-r0 | Apache-2.0 |
| libcurl | 8.16.0-r1 | curl |
| libedit | 20251016.3.1-r0 | BSD-3-Clause |
| libexpat | 2.7.3-r0 | MIT |
| libffi | 3.5.2-r0 | MIT |
| libgcrypt | 1.11.2-r0 | (LGPL-2.1-or-later AND GPL-2.0-or-later) |
| libgpg-error | 1.55-r0 | (GPL-2.0-or-later AND LGPL-2.1-or-later) |
| libidn2 | 2.3.8-r0 | (GPL-2.0-or-later OR LGPL-3.0-or-later) |
| libksba | 1.6.7-r0 | (LGPL-3.0-only AND GPL-2.0-only AND GPL-3.0-only) |
| libldap | 2.6.10-r0 | OLDAP-2.8 |
| libncursesw | 6.5_p20251010-r0 | X11 |
| libpsl | 0.21.5-r3 | MIT |
| libsasl | 2.1.28-r9 | (BSD-3-Clause-Attribution AND BSD-4-Clause) |
| libssl3 | 3.5.4-r0 | Apache-2.0 |
| libtasn1 | 4.20.0-r0 | LGPL-2.1-or-later |
| libunistring | 1.3-r0 | (GPL-2.0-or-later OR LGPL-3.0-or-later) |
| linux-pam | 1.7.1-r0 | BSD-3-Clause |
| musl | 1.2.5-r21 | MIT |
| ncurses-terminfo-base | 6.5_p20251010-r0 | X11 |
| nettle | 3.10.2-r0 | (GPL-2.0-or-later OR LGPL-3.0-or-later) |
| nghttp2-libs | 1.67.1-r0 | MIT |
| nghttp3 | 1.11.0-r0 | MIT |
| nhooyr.io/websocket | v1.8.7 | - |
| npth | 1.8-r0 | LGPL-2.0-or-later |
| openssh | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-client-common | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-client-default | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-keygen | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-server | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-server-common | 10.2_p1-r0 | SSH-OpenSSH |
| openssh-sftp-server | 10.2_p1-r0 | SSH-OpenSSH |
| openssl | 3.5.4-r0 | Apache-2.0 |
| oras.land/oras-go/v2 | v2.6.0 | - |
| p11-kit | 0.25.5-r2 | BSD-3-Clause |
| pcre2 | 10.46-r0 | BSD-3-Clause |
| pinentry | 1.3.2-r0 | GPL-2.0-or-later |
| readline | 8.3.1-r0 | GPL-3.0-or-later |
| sigs.k8s.io/controller-runtime | v0.21.0 | - |
| sigs.k8s.io/json | v0.0.0-20241010143419-9aa6b5e7a4b3 | - |
| sigs.k8s.io/json | v0.0.0-20241014173422-cfa47c3a1cc8 | - |
| sigs.k8s.io/kustomize/api | - | - |
| sigs.k8s.io/kustomize/api | v0.19.0 | - |
| sigs.k8s.io/kustomize/api | v0.20.1 | - |
| sigs.k8s.io/kustomize/cmd/config | - | - |
| sigs.k8s.io/kustomize/kustomize/v5 | - | - |
| sigs.k8s.io/kustomize/kustomize/v5 | v5.6.0 | - |
| sigs.k8s.io/kustomize/kyaml | - | - |
| sigs.k8s.io/kustomize/kyaml | v0.19.0 | - |
| sigs.k8s.io/kustomize/kyaml | v0.20.1 | - |
| sigs.k8s.io/randfill | v1.0.0 | - |
| sigs.k8s.io/structured-merge-diff/v4 | v4.6.0 | - |
| sigs.k8s.io/structured-merge-diff/v4 | v4.7.0 | - |
| sigs.k8s.io/structured-merge-diff/v6 | v6.3.0 | - |
| sigs.k8s.io/yaml | v1.4.0 | - |
| sigs.k8s.io/yaml | v1.5.0 | - |
| sigs.k8s.io/yaml | v1.6.0 | - |
| skalibs-libs | 2.14.4.0-r0 | ISC |
| sqlite-libs | 3.50.4-r1 | blessing |
| ssl_client | 1.37.0-r24 | GPL-2.0-only |
| stdlib | go1.24.9 | BSD-3-Clause |
| stdlib | go1.25.2 | BSD-3-Clause |
| tini | 0.19.0-r3 | MIT |
| tzdata | 2025b-r0 | LicenseRef-Public-Domain |
| utmps-libs | 0.1.3.1-r0 | ISC |
| zlib | 1.3.1-r2 | Zlib |
| zstd-libs | 1.5.7-r2 | (BSD-3-Clause OR GPL-2.0-or-later) |
APACHE-2.0 (permissive)
The Apache License 2.0 is also a permissive license, similar to the MIT License, but with additional protections related... Show more
BLESSING (permissive)
The SQLite Blessing (BLESSING) is a public domain dedication used by the SQLite project. The author disclaims copyright ... Show more
BSD-3-CLAUSE (permissive)
The BSD 3-Clause License is another permissive license originating from the Berkeley Software Distribution (BSD). It all... Show more
BZIP2-1.0.6 (permissive)
The bzip2 and libbzip2 licenses are permissive open source licenses, allowing use, modification, and distribution with m... Show more
CURL (permissive)
The CURL license is a permissive open source license that allows users to use, modify, and distribute the software freel... Show more
GPL-2.0 (strong-copyleft)
The GNU General Public License version 2 (GPL-2.0) is a strict copyleft license. If you modify and distribute software l... Show more
GPL-3.0 (strong-copyleft)
GPL-3.0 builds upon GPL-2.0 by adding clauses to address modern concerns such as software patents, tivoization (restrict... Show more
ISC (permissive)
The ISC License is functionally similar to the MIT and BSD licenses but written in simpler language. It's favored for it... Show more
LGPL-2.1 (copyleft)
The LGPL is a more permissive variant of the GPL. It allows developers to link to (use) the LGPL-licensed library in the... Show more
MIT (permissive)
The MIT License is a highly permissive open-source license. It allows users to do almost anything with a project, includ... Show more
X11 (permissive)
The X11 License (also known as the MIT/X11 License) is a permissive license that allows users to use, modify, and distri... Show more
ZLIB (permissive)
The zlib License is a permissive license that allows users to use, modify, and distribute the software freely. It's simi... Show more
| CVE | Severity | Package | Version | Fixed In | |
|---|---|---|---|---|---|
| CVE-2019-25210 | Medium | helm | 3.19.0-r0 | Not fixed | |
|
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
|
|||||
| CVE-2024-10041 | Medium | linux-pam | 1.7.1-r0 | Not fixed | |
|
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
|
|||||
| CVE-2025-30258 | Medium | gnupg | 2.4.8-r1 | Not fixed | |
|
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
|
|||||
| CVE-2025-46394 | Low | busybox | 1.37.0-r24 | Not fixed | |
|
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
|
|||||
| CVE-2024-58251 | Low | busybox | 1.37.0-r24 | Not fixed | |
|
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
|
|||||
| CVE-2022-3219 | Low | gnupg | 2.4.8-r1 | Not fixed | |
|
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
|
|||||
Compare Images
Image comparison functionality will be implemented in a future release.