
Comments (6)

nicolaka commented on May 13, 2024

Please re-run the test with the latest image (v0.7), as I upgraded to Alpine 3.16.

from netshoot.

Dentrax commented on May 13, 2024

It seems most of these are fixed 👍

NAME                                  INSTALLED                                                  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
flock                                 2.38-r2                                                              apk        CVE-2010-3262        Medium
github.com/containerd/containerd      v1.4.1                                                     1.4.3     go-module  GHSA-36xw-fx78-c5r4  Medium
github.com/containerd/containerd      v1.4.1                                                     1.4.8     go-module  GHSA-c72p-9xmj-rx3w  Medium
github.com/containerd/containerd      v1.4.1                                                     1.5.13    go-module  GHSA-5ffw-gxpp-mxpf  Medium
github.com/containerd/containerd      v1.4.1                                                     1.4.11    go-module  GHSA-c2h3-6mxw-7mvq  Medium
github.com/containerd/containerd      v1.4.1                                                     1.4.13    go-module  GHSA-crp2-qrr5-8pq7  High
github.com/containerd/containerd      v1.4.1                                                     1.4.12    go-module  GHSA-5j5w-g665-5m35  Low
github.com/docker/docker              v20.10.0-beta1.0.20201113105859-b6bfff2a628f+incompatible            go-module  CVE-2021-21284       Medium
github.com/docker/docker              v20.10.0-beta1.0.20201113105859-b6bfff2a628f+incompatible            go-module  CVE-2021-21285       Medium
github.com/gogo/protobuf              v1.3.1                                                     1.3.2     go-module  GHSA-c3h9-896r-86jm  High
github.com/influxdata/influxdb        v0.0.0-20190102202943-dd481f35df2c                                   go-module  CVE-2018-17572       Medium
github.com/influxdata/influxdb        v0.0.0-20190102202943-dd481f35df2c                                   go-module  CVE-2019-20933       Critical
github.com/opencontainers/image-spec  v1.0.1                                                     1.0.2     go-module  GHSA-77vh-xpmg-72qh  Low
github.com/opencontainers/runc        v1.0.3                                                     1.1.2     go-module  GHSA-f3fp-gc8g-vw66  Medium
github.com/projectcalico/calico       (devel)                                                              go-module  CVE-2020-13597       Low
go.etcd.io/etcd                       v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b               3.4.0     go-module  GHSA-wf43-55jj-vwq8  Medium
google.golang.org/protobuf            v1.26.0                                                              go-module  CVE-2021-22570       High
google.golang.org/protobuf            v1.26.0                                                              go-module  CVE-2015-5237        High
httpie                                3.2.1                                                                python     CVE-2019-10751       High
scapy                                 git-archive.dev8b63d73a172                                 2.4.1     python     GHSA-mpf2-q34c-fc6j  High

programmer04 commented on May 13, 2024

Let's maybe consider configuring Dependabot to keep dependencies like the base image up to date.

nicolaka commented on May 13, 2024

@programmer04 any chance you can submit a PR?

Dentrax commented on May 13, 2024

I can also add some security scanning stuff in the pipeline. I can file an issue for this if you want.

programmer04 commented on May 13, 2024

Sure, I've just created the PR @nicolaka #113.

I think that adding security scanning is a good idea @Dentrax (e.g. once a day to detect the newest reported vulnerabilities)! GitHub unfortunately does not support Docker images in their dependency graph so security vulnerabilities are not reported automatically.

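A sketch of the scheduled scanning gate suggested in the comments above, added here as an example and not code from the netshoot repository or its contributors: it parses the table format posted in the thread and fails the job only for findings at or above a threshold that list a fixed version. The function names, the High threshold and the fail-only-when-fixable policy are assumptions, and fields are assumed to contain no spaces.

```python
import sys

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Six rows copied from the scan output in the thread, column padding collapsed.
SAMPLE_REPORT = """\
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
flock 2.38-r2 apk CVE-2010-3262 Medium
github.com/containerd/containerd v1.4.1 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/influxdata/influxdb v0.0.0-20190102202943-dd481f35df2c go-module CVE-2019-20933 Critical
github.com/opencontainers/image-spec v1.0.1 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
httpie 3.2.1 python CVE-2019-10751 High
"""

def parse_report(text):
    """Return one dict per row. FIXED-IN may be blank, so rows have 5 or 6 tokens."""
    findings = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "NAME":
            continue  # blank line or header
        if len(tokens) not in (5, 6) or tokens[-1] not in SEVERITY_RANK:
            raise ValueError(f"unparseable row, failing closed: {line!r}")
        # TYPE, VULNERABILITY and SEVERITY are never blank: read them from the right.
        findings.append({
            "name": tokens[0], "installed": tokens[1],
            "fixed_in": tokens[2] if len(tokens) == 6 else None,
            "type": tokens[-3], "id": tokens[-2], "severity": tokens[-1],
        })
    return findings

def triage(findings, threshold="High"):
    """Split findings at or above the threshold into (actionable, no_fix)."""
    floor = SEVERITY_RANK[threshold]
    serious = [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor]
    actionable = [f for f in serious if f["fixed_in"]]
    no_fix = [f for f in serious if not f["fixed_in"]]
    return actionable, no_fix

if __name__ == "__main__":
    # Assumed usage: pass a saved report path, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    actionable, no_fix = triage(parse_report(text))
    for f in no_fix:
        print(f"review (no fix listed): {f['name']} {f['id']} {f['severity']}")
    for f in actionable:
        print(f"upgrade: {f['name']} {f['installed']} -> {f['fixed_in']} ({f['id']})")
    sys.exit(1 if actionable else 0)  # fail the job only when an upgrade exists
```

Findings with no fixed version listed, such as the Critical influxdb row, are printed for manual review instead of failing every run.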
