Comments (6)
please re run test with latest image ( v0.7) as I upgraded to alpine 3.16
from netshoot.
It seems most of these are fixed 👍
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
flock 2.38-r2 apk CVE-2010-3262 Medium
github.com/containerd/containerd v1.4.1 1.4.3 go-module GHSA-36xw-fx78-c5r4 Medium
github.com/containerd/containerd v1.4.1 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium
github.com/containerd/containerd v1.4.1 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium
github.com/containerd/containerd v1.4.1 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium
github.com/containerd/containerd v1.4.1 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High
github.com/containerd/containerd v1.4.1 1.4.12 go-module GHSA-5j5w-g665-5m35 Low
github.com/docker/docker v20.10.0-beta1.0.20201113105859-b6bfff2a628f+incompatible go-module CVE-2021-21284 Medium
github.com/docker/docker v20.10.0-beta1.0.20201113105859-b6bfff2a628f+incompatible go-module CVE-2021-21285 Medium
github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High
github.com/influxdata/influxdb v0.0.0-20190102202943-dd481f35df2c go-module CVE-2018-17572 Medium
github.com/influxdata/influxdb v0.0.0-20190102202943-dd481f35df2c go-module CVE-2019-20933 Critical
github.com/opencontainers/image-spec v1.0.1 1.0.2 go-module GHSA-77vh-xpmg-72qh Low
github.com/opencontainers/runc v1.0.3 1.1.2 go-module GHSA-f3fp-gc8g-vw66 Medium
github.com/projectcalico/calico (devel) go-module CVE-2020-13597 Low
go.etcd.io/etcd v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b 3.4.0 go-module GHSA-wf43-55jj-vwq8 Medium
google.golang.org/protobuf v1.26.0 go-module CVE-2021-22570 High
google.golang.org/protobuf v1.26.0 go-module CVE-2015-5237 High
httpie 3.2.1 python CVE-2019-10751 High
scapy git-archive.dev8b63d73a172 2.4.1 python GHSA-mpf2-q34c-fc6j High
from netshoot.
Let's maybe consider configuring Dependabot for keeping dependency like a base image up to date
from netshoot.
@programmer04 any chance you can submit a PR ?
from netshoot.
I can also add some security scanning stuff in the pipeline. I can file an issue for this if you want.
from netshoot.
Sure, I've just created the PR @nicolaka #113.
I think that adding security scanning is a good idea @Dentrax (e.g. once a day to detect the newest reported vulnerabilities)! GitHub unfortunately does not support Docker images in their dependency graph so security vulnerabilities are not reported automatically.
from netshoot.
Related Issues (20)
- /usr/local/bin/ctop contains a webpage HOT 1
- dog request
- termshark does not yet support arm HOT 3
- include eBPF tool ecapture?
- Netgen service not available anymore
- no matching manifest for linux/arm/v7 in the manifest list entries
- Netshoot kubectl plugin HOT 3
- root required for "latest" HOT 2
- Please add ltrace to netshoot HOT 1
- httpie is broken in latest netshoot HOT 1
- Container does not have the cap_net_raw+p capability or setuid? capabilities. HOT 4
- DNS because of musl/Alpine base? HOT 4
- This container allows password authentication to the root local user.
- [feature-request] consider adding mysql-client to base image
- consider adding `ioping`
- Is dependabot disabled ? Missing incoming PRs (e.g. alpine 3.18.5)
- ctop error -- kubernetes runtime : containerd
- Critical Vulnerabilities - Authorization Bypass
- Unexpected error faced while pulling the docker image!! HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netshoot.