Vulnerability Assessment (Development SDK)
Target Artifact: ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5-dev
Scanner Engine: Trivy v0.69.3 | Compliance: Zero-CVE Target
SDK Threat Landscape
| Metric | Result |
|---|---|
| Total CVEs Found | 0 Detected in SDK Layers |
| Build Tools Scanned | 68 Total Components (Compilers, Libs & Headers) |
| Critical / High | 0 (Immediate Action Required) |
| Medium / Low | 0 (Scheduled Maintenance) |
SDK Zero-CVE State Confirmed
Secure Build Foundation: No vulnerabilities were detected in the development toolkit. This ensures a clean chain of custody for applications compiled against this FIPS module.
Severity Distribution
Clean SDK Audit: No Vulnerabilities
Detailed Forensic Log
Traceability Metadata
| Field | Value |
|---|---|
| Artifact Name | ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5-dev |
| Image Digest | sha256:36fb18a50970073e8b000f417b0d892a5a7919b2eba60f51fae4e2fe5e5bb825 |
| Report Generated | {{ created_at }} |
| Audit Status | PASSED |
Full SDK Inventory (SBOM)
| Package Name | Version | Licenses | Classification |
|---|---|---|---|
| bash | 5.3-r5 | GPL-3.0-or-later | System |
| binutils | 2.46-r1 | GPL-2.0-only | System |
| build-base | 1-r9 | MIT | System |
| busybox | 1.37.0-r54 | GPL-2.0-only | System |
| ca-certificates | 20251003-r3 | MPL-2.0, MIT | System |
| ca-certificates-bundle | 20251003-r3 | MPL-2.0, MIT | System |
| curl | 8.18.0-r3 | MIT | System |
| cyrus-sasl | 2.1.28-r46 | BSD-3-Clause | System |
| gcc | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| gdbm | 1.26-r2 | GPL-3.0-or-later | System |
| glibc | 2.43-r2 | LGPL-2.1-or-later | System |
| glibc-dev | 2.43-r2 | LGPL-2.1-or-later | System |
| glibc-locale-posix | 2.43-r2 | LGPL-2.1-or-later | System |
| gmp | 6.3.0-r8 | LGPL-3.0-or-later, GPL-2.0-or-later | System |
| heimdal-libs | 7.8.0-r43 | BSD-3-Clause | System |
| isl | 0.27-r5 | MIT | System |
| jq | 1.8.1-r3 | MIT | System |
| keyutils-libs | 1.6.3-r38 | GPL-2.0-or-later, LGPL-2.0-or-later | System |
| krb5-conf | 1.0-r8 | MIT | System |
| krb5-libs | 1.22.2-r1 | MIT | System |
| ld-linux | 2.43-r2 | LGPL-2.1-or-later | System |
| libatomic | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libbrotlicommon1 | 1.2.0-r1 | MIT | System |
| libbrotlidec1 | 1.2.0-r1 | MIT | System |
| libcom_err | 1.47.3-r3 | GPL-2.0-or-later, LGPL-2.0-or-later, BSD-3-Clause, MIT | System |
| libcrypt1 | 2.43-r2 | LGPL-2.1-or-later | System |
| libcrypto3 | 3.6.1-r2 | Apache-2.0 | System |
| libcurl-openssl4 | 8.18.0-r3 | MIT | System |
| libgcc | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libgomp | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libidn2 | 2.3.8-r4 | GPL-2.0-or-later, LGPL-3.0-or-later | System |
| libldap | 2.6.10-r5 | OLDAP-2.8 | System |
| libnghttp2-14 | 1.68.0-r1 | MIT | System |
| libpsl | 0.21.5-r7 | MIT | System |
| libquadmath | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libssl3 | 3.6.1-r2 | Apache-2.0 | System |
| libstdc++ | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libstdc++-dev | 15.2.0-r10 | GPL-3.0-or-later WITH GCC-exception-3.1 | System |
| libunistring | 1.4.2-r0 | GPL-2.0-or-later, LGPL-3.0-or-later | System |
| libverto | 0.3.2-r6 | MIT | System |
| libxcrypt | 4.5.2-r2 | GPL-2.0-or-later, LGPL-2.1-or-later | System |
| libxcrypt-dev | 4.5.2-r2 | GPL-2.0-or-later, LGPL-2.1-or-later | System |
| libzstd1 | 1.5.7-r7 | BSD-2-Clause, GPL-2.0-only | System |
| linux-headers | 6.19.6-r0 | GPL-2.0-only WITH Linux-syscall-note | System |
| make | 4.4.1-r9 | GPL-3.0-or-later | System |
| mpc | 1.3.1-r7 | LGPL-3.0-or-later | System |
| mpfr | 4.2.2-r2 | LGPL-3.0-or-later | System |
| ncurses | 6.6_p20251230-r5 | MIT | System |
| ncurses-terminfo-base | 6.6_p20251230-r5 | MIT | System |
| nghttp3 | 1.15.0-r1 | MIT | System |
| nss-db | 2.43-r2 | LGPL-2.1-or-later | System |
| nss-hesiod | 2.43-r2 | LGPL-2.1-or-later | System |
| oniguruma | 6.9.10-r2 | BSD-2-Clause | System |
| openssf-compiler-options | 20250904-r4 | CC-BY-4.0 | System |
| pcre | 8.45-r7 | BSD-3-Clause | System |
| pcre-dev | 8.45-r7 | BSD-3-Clause | System |
| pkgconf | 2.5.1-r1 | ISC | System |
| posix-cc-wrappers | 2-r8 | MIT | System |
| posix-libc-utils | 2.43-r2 | LGPL-2.1-or-later | System |
| posix-libc-utils-bin | 2.43-r2 | LGPL-2.1-or-later | System |
| readline | 8.3-r1 | GPL-3.0-or-later | System |
| sqlite-libs | 3.51.1-r0 | blessing | System |
| tzdata | 2026a-r0 | CC-PDDC | System |
| unzip | 6.0-r5 | Info-ZIP | System |
| wolfi-baselayout | 20230201-r28 | MIT | System |
| wolfi-keys | 1-r13 | MIT | System |
| zlib | 1.3.2-r1 | MPL-2.0, MIT | System |
| zlib-dev | 1.3.2-r1 | MPL-2.0, MIT | System |
Security Transparency & SLSA Compliance
The full signed SBOM for the Development SDK is available for download.