Skip to main content

Argo CD Security-Hardened Images

Security Scan 2024-11-18

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.

Akuity v2.13.0-distroless vs Argo CD v2.13.0

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.13.0-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (0)

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1

Akuity v2.12.7-distroless vs Argo CD v2.12.7

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.12.7-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/docker/dockerCVE-2024-41110CRITICALv25.0.5+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICALv1.21.101.21.11, 1.22.4
stdlibCVE-2024-34156HIGHv1.21.101.22.7, 1.23.1

Akuity v2.11.12-distroless vs Argo CD v2.11.12

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.11.12-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
stdlibCVE-2024-24790CRITICALv1.21.101.21.11, 1.22.4
stdlibCVE-2024-34156HIGHv1.21.101.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/docker/dockerCVE-2024-41110CRITICALv24.0.9+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
stdlibCVE-2024-24790CRITICALv1.21.91.21.11, 1.22.4
stdlibCVE-2024-34156HIGHv1.21.91.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (4)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICALv1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGHv1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2023-45288HIGHv1.20.101.21.9, 1.22.2
stdlibCVE-2024-34156HIGHv1.20.101.22.7, 1.23.1