promtail
Patched Monitoring & Observability
from
mirror.gcr.io/grafana/promtail
Pull Reference
ghcr.io/verity-org/grafana/promtail
docker pull ghcr.io/verity-org/grafana/promtail
Copa-Patched Image
Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance details
Signed
SLSA L3
SBOM
Rekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/grafana/promtail:3.6.6
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/grafana/promtail:3.6.6 \ --owner verity-org
Vulnerability Scan
Found 20 vulnerabilit ies in the original image. 2 fixed by Copa. 18 remaining after patching.
1CRITICAL3HIGH9MEDIUM7LOW
Fix available — pending patch
These vulnerabilities have upstream fixes but could not be automatically patched.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | v1.75.1 | 1.79.3 | CRITICAL |
| CVE-2026-34040 | github.com/docker/docker | v28.5.0+incompatible | 29.3.1 | HIGH |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | v1.38.0 | 1.40.0 | HIGH |
| CVE-2026-25679 | stdlib | v1.24.13 | 1.25.8, 1.26.1 | HIGH |
| CVE-2026-33997 | github.com/docker/docker | v28.5.0+incompatible | 29.3.1 | MEDIUM |
| CVE-2026-27142 | stdlib | v1.24.13 | 1.25.8, 1.26.1 | MEDIUM |
| CVE-2026-27139 | stdlib | v1.24.13 | 1.25.8, 1.26.1 | LOW |
Awaiting upstream fix
No fix is available yet for these vulnerabilities.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2025-68972 | gpgv | 2.4.4-2ubuntu17.4 | MEDIUM | |
| CVE-2025-8941 | libpam-modules | 1.5.3-5ubuntu5.5 | MEDIUM | |
| CVE-2025-8941 | libpam-modules-bin | 1.5.3-5ubuntu5.5 | MEDIUM | |
| CVE-2025-8941 | libpam-runtime | 1.5.3-5ubuntu5.5 | MEDIUM | |
| CVE-2025-8941 | libpam0g | 1.5.3-5ubuntu5.5 | MEDIUM | |
| CVE-2025-45582 | tar | 1.35+dfsg-3build1 | MEDIUM | |
| CVE-2016-2781 | coreutils | 9.4-3ubuntu6.1 | LOW | |
| CVE-2022-3219 | gpgv | 2.4.4-2ubuntu17.4 | LOW | |
| CVE-2024-2236 | libgcrypt20 | 1.10.3-2build1 | LOW | |
| CVE-2024-56433 | login | 1:4.13+dfsg1-4ubuntu3.2 | LOW | |
| CVE-2024-56433 | passwd | 1:4.13+dfsg1-4ubuntu3.2 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/grafana/promtail