
[Bug]: Security-Scan job found vulnerabilities in the latest docker image #54

@kagw95

Description


Describe the bug

The Security-Scan job was added to the repository by the DevOps team.
The first run produced a list of vulnerabilities found in the latest docker image (1.0.3 release).
Vulnerabilities can be viewed at:

  • Security tab, then 'Vulnerability alerts' / 'Code scanning' on the left menu.

Also, files are attached to the issue.

Vulnerabilities should be analyzed, then fixed, planned to be fixed, or dismissed with a stated reason.

To Reproduce

The Security-Scan job is executed on a schedule, each Sunday at 03:00 GMT+0.
It can also be invoked manually via:

  • Actions / Security scan docker packages,
  • then the 'Run workflow' button;
  • in the popup window, leave all fields unchanged to scan the latest tag/release, or enter the full docker image link in the 'Docker image' field;
  • then click the 'Run workflow' button at the bottom of the popup.

Version

No response

Logs

trivy-qubership_testing_platform_itf_executor_transfer_latest.sarif.zip
trivy-qubership_testing_platform_itf_executor_latest.sarif.zip
grype-qubership_testing_platform_itf_executor_transfer_latest.sarif.zip
grype-qubership_testing_platform_itf_executor_latest.sarif.zip

Additional information

No response
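The attached files are SARIF reports from Trivy and Grype. The triage step the issue asks for (analyze, then fix, plan, or dismiss) starts with flattening those reports into one finding per result and bucketing them by CVSS score. The script below is an added example, not part of this issue or the project's tooling; it assumes the SARIF 2.1.0 layout that Trivy and Grype emit, where each rule carries a `security-severity` property holding a CVSS base score as a string and each result references its rule through `ruleId`. The sample document embedded in it is constructed for the example, and its rule identifiers are placeholders rather than real advisories.

```python
"""Summarise Trivy/Grype SARIF output by severity so findings can be triaged.

Added example, not the project's own code. Assumes SARIF 2.1.0 as emitted by
Trivy and Grype (rules carry a 'security-severity' CVSS score as a string).
The SAMPLE_SARIF document below is constructed; its ids are placeholders.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["none", "low", "medium", "high", "critical"]


def cvss_bucket(score):
    """Map a CVSS base score to the usual CVSS v3 severity band."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "none"


def findings_from_sarif(sarif):
    """Flatten a SARIF document into one dict per result, joined to its rule."""
    findings = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {rule["id"]: rule for rule in driver.get("rules", [])}
        for result in run.get("results", []):
            rule = rules.get(result.get("ruleId"), {})
            props = rule.get("properties", {})
            try:
                score = float(props.get("security-severity", "0"))
            except ValueError:  # a tool may emit a non-numeric placeholder
                score = 0.0
            uri = ""
            locations = result.get("locations", [])
            if locations:
                uri = (locations[0].get("physicalLocation", {})
                       .get("artifactLocation", {}).get("uri", ""))
            findings.append({
                "tool": driver.get("name", "unknown"),
                "rule_id": result.get("ruleId", ""),
                "score": score,
                "severity": cvss_bucket(score),
                "level": result.get("level", ""),
                "location": uri,
                "message": result.get("message", {}).get("text", ""),
            })
    return findings


def summarize(findings):
    """Count findings per severity band, e.g. {'critical': 1, 'high': 2}."""
    return dict(Counter(f["severity"] for f in findings))


def needs_action(findings, minimum="high"):
    """Findings at or above the given band, most severe first."""
    threshold = SEVERITY_ORDER.index(minimum)
    hits = [f for f in findings if SEVERITY_ORDER.index(f["severity"]) >= threshold]
    return sorted(hits, key=lambda f: -f["score"])


def load_sarif(path):
    """Load one SARIF file (e.g. an unzipped trivy-*.sarif attachment)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample in the shape Trivy/Grype produce; ids are placeholders.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Trivy", "rules": [
            {"id": "EXAMPLE-0001", "properties": {"security-severity": "9.8"}},
            {"id": "EXAMPLE-0002", "properties": {"security-severity": "7.5"}},
            {"id": "EXAMPLE-0003", "properties": {"security-severity": "5.3"}},
        ]}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "level": "error",
             "message": {"text": "libexample: constructed critical finding"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "usr/lib/libexample.so"}}}]},
            {"ruleId": "EXAMPLE-0002", "level": "error",
             "message": {"text": "tool-a: constructed high finding"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "usr/bin/tool-a"}}}]},
            {"ruleId": "EXAMPLE-0003", "level": "warning",
             "message": {"text": "pkg-b: constructed medium finding"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "usr/lib/pkg-b"}}}]},
            {"ruleId": "EXAMPLE-0003", "level": "warning",
             "message": {"text": "pkg-c: same rule, second package"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "usr/lib/pkg-c"}}}]},
        ],
    }],
}

if __name__ == "__main__":
    found = findings_from_sarif(SAMPLE_SARIF)
    print(summarize(found))
    for f in needs_action(found):
        print(f"{f['severity']:<8} {f['score']:<4} {f['rule_id']:<14} {f['location']}")
```

Point `load_sarif` at an unzipped attachment to run the same summary over the real reports; `needs_action(findings, "medium")` widens the list when lower bands are in scope for the release, and the `level` field shows how the scanner itself ranked each result, which is useful when a tool reports no CVSS score.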

Metadata


Assignees

No one assigned

Labels

bug (Something isn't working)

Type

Projects

Status

In QA

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
