Argo CD Security-Hardened Images

Security Scan 2024-07-22

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.

Akuity v2.11.5-distroless vs Argo CD v2.11.5

Full list of open source Argo CD vulnerabilities in this release

`quay.io/akuity/argocd:v2.11.5-distroless`

Vulnerabilities (0)

`usr/local/bin/argocd`

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`github.com/cloudflare/circl`	GHSA-9763-4f94-gfch	HIGH	v1.3.3	1.3.7
`stdlib`	CVE-2024-24790	CRITICAL	1.21.10	1.21.11, 1.22.4

`usr/local/bin/helm`

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.21.9	1.21.11, 1.22.4

`usr/local/bin/kustomize`

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.20.10	1.21.11, 1.22.4
`stdlib`	CVE-2023-45283	HIGH	1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
`stdlib`	CVE-2023-45288	HIGH	1.20.10	1.21.9, 1.22.2

Akuity v2.10.14-distroless vs Argo CD v2.10.14

Full list of open source Argo CD vulnerabilities in this release

`quay.io/akuity/argocd:v2.10.14-distroless`

Vulnerabilities (0)

`usr/local/bin/argocd`

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`github.com/cloudflare/circl`	GHSA-9763-4f94-gfch	HIGH	v1.3.3	1.3.7
`stdlib`	CVE-2024-24790	CRITICAL	1.21.10	1.21.11, 1.22.4

`usr/local/bin/helm`

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.21.9	1.21.11, 1.22.4

`usr/local/bin/kustomize`

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.20.10	1.21.11, 1.22.4
`stdlib`	CVE-2023-45283	HIGH	1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
`stdlib`	CVE-2023-45288	HIGH	1.20.10	1.21.9, 1.22.2

Akuity v2.9.19-distroless vs Argo CD v2.9.19

Full list of open source Argo CD vulnerabilities in this release

`quay.io/akuity/argocd:v2.9.19-distroless`

Vulnerabilities (0)

`usr/local/bin/argocd`

Vulnerabilities (5)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`github.com/cloudflare/circl`	GHSA-9763-4f94-gfch	HIGH	v1.3.3	1.3.7
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`	CVE-2023-47108	HIGH	v0.42.0	0.46.0
`google.golang.org/grpc`	GHSA-m425-mq94-257g	HIGH	v1.56.2	1.56.3, 1.57.1, 1.58.3
`k8s.io/kubernetes`	CVE-2023-5528	HIGH	v1.24.17	1.28.4, 1.27.8, 1.26.11, 1.25.16
`stdlib`	CVE-2024-24790	CRITICAL	1.21.10	1.21.11, 1.22.4

`usr/local/bin/helm`

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.20.10	1.21.11, 1.22.4
`stdlib`	CVE-2023-45283	HIGH	1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
`stdlib`	CVE-2023-45288	HIGH	1.20.10	1.21.9, 1.22.2

`usr/local/bin/kustomize`

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
`stdlib`	CVE-2024-24790	CRITICAL	1.20.10	1.21.11, 1.22.4
`stdlib`	CVE-2023-45283	HIGH	1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
`stdlib`	CVE-2023-45288	HIGH	1.20.10	1.21.9, 1.22.2

Security Scan 2024-07-22​

Akuity v2.11.5-distroless vs Argo CD v2.11.5​

quay.io/akuity/argocd:v2.11.5-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/helm

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/kustomize

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Akuity v2.10.14-distroless vs Argo CD v2.10.14​

quay.io/akuity/argocd:v2.10.14-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/helm

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/kustomize

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Akuity v2.9.19-distroless vs Argo CD v2.9.19​

quay.io/akuity/argocd:v2.9.19-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (5)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/helm

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

usr/local/bin/kustomize

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Security Scan 2024-07-22

Akuity v2.11.5-distroless vs Argo CD v2.11.5

`quay.io/akuity/argocd:v2.11.5-distroless`

`usr/local/bin/argocd`

`usr/local/bin/helm`

`usr/local/bin/kustomize`

Akuity v2.10.14-distroless vs Argo CD v2.10.14

`quay.io/akuity/argocd:v2.10.14-distroless`

`usr/local/bin/argocd`

`usr/local/bin/helm`

`usr/local/bin/kustomize`

Akuity v2.9.19-distroless vs Argo CD v2.9.19

`quay.io/akuity/argocd:v2.9.19-distroless`

`usr/local/bin/argocd`

`usr/local/bin/helm`

`usr/local/bin/kustomize`