With regard to the esri statement:
"In order to maintain code stability and compatibility, Esri usually does not rebase packages to entirely new versions. Instead, we backport fixes to an older version of the software we distribute. This can result in some security scanners that only consider the package version to report the package as vulnerable. To avoid this, we suggest that you use an OVAL-compatible security scanner like OpenSCAP."
we ask ourselves if esri maintains an own OVAL-repo or which one is recommended to use with ArcGIS Enterprise on Kubernetes based on Ubuntu ( Ubuntu Oval | Security | Ubuntu ) ?
