Greetings,
There's some security tooling that considers the existence of the go-redis/examples/throughput binary to be a threat because of the version of Go with which it was built.
For our use-cases this considered not a true threat as the binary is not in any attack path.
As a matter of thoroughness, I'd still like to register this to ask if this binary should be here. If it should, could it be rebuilt with the latest version of Go?
If it should not present, or perhaps be replaced with the source code and not the binary, then I'd like to request that happen in a future release.
This gives application security teams (and respective scanning tools) a natural junction to audit finding, ignore rules, and advise teams to update their dependencies to the version that no longer throws such findings.
Thanks!
Greetings,
There's some security tooling that considers the existence of the go-redis/examples/throughput binary to be a threat because of the version of Go with which it was built.
For our use-cases this considered not a true threat as the binary is not in any attack path.
As a matter of thoroughness, I'd still like to register this to ask if this binary should be here. If it should, could it be rebuilt with the latest version of Go?
If it should not present, or perhaps be replaced with the source code and not the binary, then I'd like to request that happen in a future release.
This gives application security teams (and respective scanning tools) a natural junction to audit finding, ignore rules, and advise teams to update their dependencies to the version that no longer throws such findings.
Thanks!