Skip to main content

Argo CD Security-Hardened Images

Security Scan 2024-09-30

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.


Akuity v2.12.4-distroless vs Argo CD v2.12.4

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.12.4-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGH1.22.41.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGH1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/docker/dockerCVE-2024-41110CRITICALv25.0.5+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
stdlibCVE-2024-34156HIGH1.22.41.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4
stdlibCVE-2024-34156HIGH1.21.101.22.7, 1.23.1

Akuity v2.11.9-distroless vs Argo CD v2.11.9

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.11.9-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4
stdlibCVE-2024-34156HIGH1.21.101.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGH1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/docker/dockerCVE-2024-41110CRITICALv24.0.9+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
stdlibCVE-2024-24790CRITICAL1.21.91.21.11, 1.22.4
stdlibCVE-2024-34156HIGH1.21.91.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2024-34156HIGH1.20.101.22.7, 1.23.1

Akuity v2.10.17-distroless vs Argo CD v2.10.17

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.10.17-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/cloudflare/circlGHSA-9763-4f94-gfchHIGHv1.3.31.3.7
stdlibCVE-2024-24790CRITICAL1.21.101.21.11, 1.22.4
stdlibCVE-2024-34156HIGH1.21.101.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-34156HIGH1.21.131.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/docker/dockerCVE-2024-41110CRITICALv24.0.9+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
stdlibCVE-2024-24790CRITICAL1.21.91.21.11, 1.22.4
stdlibCVE-2024-34156HIGH1.21.91.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICAL1.20.101.21.11, 1.22.4
stdlibCVE-2023-45283HIGH1.20.101.20.11, 1.21.4, 1.20.12, 1.21.5
stdlibCVE-2024-34156HIGH1.20.101.22.7, 1.23.1