Vulnerability Assessment (Distroless)
Target Image: ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5-distroless
Scanner: Trivy v0.69.3 | Profile: Production / Hardened
Threat Landscape Overview
-
Total CVEs Found --- 0 Production Risk Level
-
Minimal SBOM --- 11 Total Components No Shell / No APK
-
Critical / High --- 0 Immediate Patching
-
Medium / Low --- 0 Risk Mitigation Required
Zero-CVE State Confirmed
Gold Standard Integrity: This Distroless image contains zero known vulnerabilities. Its minimal footprint and lack of shell environments provide the most secure foundation for production workloads.
Severity Distribution
🛡️
Verified Safe: No Threats Detected
Detailed Forensic Log
Traceability Metadata
| Field | Value |
|---|---|
| Artifact Name | ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5-distroless |
| Image Digest | sha256:cd00c8a7eebdc26a93721512ff868ffe1f3601ac0787ce456ac6043dadd54c44 |
| Scanner Engine | Trivy v0.69.3 |
| Audit Status | PASSED |
Distroless SBOM Inventory
| Package Name | Version | Licenses | Classification |
|---|---|---|---|
ca-certificates |
20251003-r3 |
MPL-2.0, MIT | Distroless Core |
ca-certificates-bundle |
20251003-r3 |
MPL-2.0, MIT | Distroless Core |
glibc |
2.43-r2 |
LGPL-2.1-or-later | Distroless Core |
glibc-locale-posix |
2.43-r2 |
LGPL-2.1-or-later | Distroless Core |
ld-linux |
2.43-r2 |
LGPL-2.1-or-later | Distroless Core |
libcrypto3 |
3.6.1-r2 |
Apache-2.0 | Distroless Core |
libgcc |
15.2.0-r10 |
GPL-3.0-or-later WITH GCC-exception-3.1 | Distroless Core |
tzdata |
2026a-r0 |
CC-PDDC | Distroless Core |
wolfi-baselayout |
20230201-r28 |
MIT | Distroless Core |
wolfi-keys |
1-r13 |
MIT | Distroless Core |
zlib |
1.3.2-r1 |
MPL-2.0, MIT | Distroless Core |
| --- |
Security Transparency & SLSA Compliance
The full signed SBOM for the Distroless image is available for download. Download Distroless SBOM JSON