vulnerabilities in every docker image #764
Comments
|
It looks like most of them are related to debian:jessie but it looks embarrassing that there are so many vulnerabilities. Perhaps someone can investigate further if this is a false positive and give a clear explanation. |
|
This comes up from time to time. See also: #374 The TLDR; is that the Docker Hubs reporting of vulnerabilities isn't entirely accurate. For example CVE-2017-16997 is flagged as "no-dsa"/"Minor issue" by the Debian Security team and are not actively fixing it |
|
Closing as the Security reporting instructions was added to https://github.com/nodejs/docker-node/blob/master/SECURITY.md |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The docker scanned images in docker hub are reporting severe vulnerabilities in almost every image. Not sure if this is a false positive but I believe it needs to be investigated.
I am attaching screenshot to demonstrate the issue.
The text was updated successfully, but these errors were encountered: