Skip to main content

Argo CD Security-Hardened Images

Security Scan 2024-07-15

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.


Akuity v2.11.4-distroless vs Argo CD v2.11.4

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.11.4-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4

usr/local/bin/helm

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.21.91.21.11, 1.22.4

usr/local/bin/kustomize

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2023-45288HIGH1.20.101.21.9, 1.22.2

Akuity v2.10.13-distroless vs Argo CD v2.10.13

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.10.13-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4

usr/local/bin/helm

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.21.91.21.11, 1.22.4

usr/local/bin/kustomize

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2023-45288HIGH1.20.101.21.9, 1.22.2

Akuity v2.9.18-distroless vs Argo CD v2.9.18

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.9.18-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (5)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcCVE-2023-47108HIGHv0.42.00.46.0
google.golang.org/grpcGHSA-m425-mq94-257gHIGHv1.56.21.56.3, 1.57.1, 1.58.3
k8s.io/kubernetesCVE-2023-5528HIGHv1.24.171.28.4, 1.27.8, 1.26.11, 1.25.16
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4

usr/local/bin/helm

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2023-45288HIGH1.20.101.21.9, 1.22.2

usr/local/bin/kustomize

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2023-45288HIGH1.20.101.21.9, 1.22.2