Elastic APM Security Scan

88eighties88 · April 29, 2025, 7:30pm

I am running the 8.18.0 and/or 9.9.0 elastic/apm-server docker image through a trivy image security scan and it is flagging the apm-server binary for having a version that has a CVE. The version it is saying is installed is: v0.0.0-20250428043647-d0e3870e82a4+dirty instead of 8.18.0 or 9.9.0. Has anyone experienced this issue or know what might be causing it? I need a trivy image security scan to pass in order to use the image.

Topic		Replies	Views
Observability/apm-lambda-extension docker image causing vulnerabilities APM docker , nodejs , aws-lambda	9	365	February 8, 2024
APM Server 8.14.0 Security Update (ESA-2024-09) Security Announcements	0	794	August 15, 2024
Remedy for CVE-2018-8088 in elastic-apm-agent-1.21.0.jar? APM java	3	529	March 12, 2021
APM Server has still not connected to Elasticsearch (2, previous was closed) APM	12	2276	December 11, 2019
Vulnerabilities in docker image elasticsearch/elasticsearch:7.17.8 Elasticsearch docker	6	848	February 15, 2023

Elastic APM Security Scan

Related topics