Vulnerability Impact Assessment
Target Image: ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5
Scanner: Trivy v0.70.0 | Strategy: Zero-CVE Enforcement
Threat Landscape Overview
-
Total CVEs Found --- 0 Detected in Image Layers
-
Packages Analyzed --- 20 Total Dependencies
Software Bill of Materials (SBOM)
-
Critical / High --- 0 Requires Immediate Patching
-
Medium / Low --- 0 Risk Mitigation Required
Zero-CVE State Confirmed
Impeccable Security Posture: No known vulnerabilities (CVEs) were detected in the 20 analyzed packages. This image represents the Gold Standard for production deployment.
Severity Distribution
Clean Security Signature
No active threats detected in the 20 analyzed components.
This image satisfies the Zero-Vulnerability deployment threshold.
Detailed Forensic Log
Clean Component Manifest
All installed packages have been cross-referenced with the Wolfi Security Database. No actionable vulnerabilities were found in the current build layers.
Traceability Metadata
These identifiers ensure the integrity and reproducibility of this specific security audit.
| Field | Value |
|---|---|
| Artifact Name | ghcr.io/taha2samy/wolfi-openssl-fips:3.5.5 |
| Image Digest | sha256:d4b24f4c223156af44c3a10e8df7c4133d4f737b9c80715596ebea457d3df758 |
| Scanner Engine | Trivy v0.70.0 |
| Report Generated | 2026-05-10T02:37:44.052564171Z |
| Audit Status | PASSED |
Remediation Guidance
No remediation required. System is at peak security posture.
Clean Slate Policy
The Audit Status: PASSED confirms that the image contains zero known vulnerabilities. No manual intervention is required.
Software Bill of Materials (SBOM)
This inventory provides a granular list of all system-level and application-level components installed within the image layers.
| Package Name | Version | Licenses | Classification |
|---|---|---|---|
bash |
5.3-r12 |
GPL-3.0-or-later | System (Wolfi) |
busybox |
1.37.0-r57 |
GPL-2.0-only | System (Wolfi) |
ca-certificates |
20260413-r0 |
MPL-2.0, MIT | System (Wolfi) |
ca-certificates-bundle |
20260413-r0 |
MPL-2.0, MIT | System (Wolfi) |
glibc |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
glibc-locale-posix |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
ld-linux |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
libcrypt1 |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
libcrypto3 |
3.6.2-r5 |
Apache-2.0 | System (Wolfi) |
libgcc |
15.2.0-r11 |
GPL-3.0-or-later WITH GCC-exception-3.1 | System (Wolfi) |
libstdc++ |
15.2.0-r11 |
GPL-3.0-or-later WITH GCC-exception-3.1 | System (Wolfi) |
libxcrypt |
4.5.2-r2 |
GPL-2.0-or-later, LGPL-2.1-or-later | System (Wolfi) |
ncurses |
6.6.20260502-r0 |
MIT | System (Wolfi) |
ncurses-terminfo-base |
6.6.20260502-r0 |
MIT | System (Wolfi) |
posix-libc-utils |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
posix-libc-utils-bin |
2.43-r7 |
LGPL-2.1-or-later | System (Wolfi) |
tzdata |
2026b-r0 |
CC-PDDC | System (Wolfi) |
wolfi-baselayout |
20230201-r29 |
MIT | System (Wolfi) |
wolfi-keys |
1-r13 |
MIT | System (Wolfi) |
zlib |
1.3.2-r3 |
MPL-2.0, MIT | System (Wolfi) |
| --- |
License & Inventory Summary
- Total Verified Components:
20Packages. - Audit Method: Static analysis of container rootfs via Trivy.
- Data Integrity: Cross-referenced with the official Wolfi OS advisory database.
Security Transparency & SLSA Compliance
This Software Bill of Materials (SBOM) is a core requirement for meeting SLSA Level 3 standards. It ensures absolute transparency in cryptographic workloads. Download SBOM JSON