I was hacking containers recently and noticed that Docker started featuring the docker scan command in the docker build output. I've been ignoring its existence for a while, so evidently, it was time to finally try it out.

The docker scan command uses a third-party tool, called Snyk Container. Apparently, it's some sort of a vulnerability scanner. So, I decided, mostly for the sake of fun, to scan one of my images. And it just so happened that it was a fairly basic thing:

```
# latest stable at the time
```

To my utter surprise, the output was huge! Here is just an excerpt:

```
Testing python-flask.

✗ Low severity vulnerability found in unbound/libunbound8
✗ Low severity vulnerability found in tiff/libtiff5
✗ High severity vulnerability found in gcc-8
  Introduced through: >
✗ High severity vulnerability found in djvulibre/libdjvulibre21
✗ High severity vulnerability found in bluez/libbluetooth3

Tested 431 dependencies for known vulnerabilities, found 358 vulnerabilities.

For more free scans that keep your images secure, sign up to Snyk at
```

358 vulnerabilities were found in total: among them, 54 were high severity and 48 medium severity. Taking a closer look at the scan report gave me a clue that the majority of the found vulnerabilities might have something to do with Debian (see the Info bit above; many, if not all, of the items in the report have it). Apparently, the python:3.9 image is based on the full-fledged Debian 10 distribution:

5.6 MB - Alpine rocks!

Scanning distroless Python image

Another potential solution for the problem of bloated containers that looks promising is the so-called "distroless" Docker images by Google. The project description states it's "Language focused docker images, minus the operating system".
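The scan output quoted above is plain text, which makes it easy to turn into a build gate rather than something to eyeball once. The script below is an added example, not code from the original post or from Snyk: it counts findings by severity, lists the affected packages, and fails when High findings exceed a budget. It runs on a constructed sample in the format of the excerpt (the Medium line and its package name are invented); set SCAN_OUTPUT to real docker scan output to use it for real.

```shell
#!/bin/sh
# Added example (not from the original post): a small CI-style gate over the
# plain-text output of `docker scan` (Snyk). It counts findings by severity,
# lists affected packages, and fails when High findings exceed a budget.

# Constructed sample in the format of the post's excerpt; the Medium line is
# invented (placeholder package name) so every severity bucket is exercised.
SAMPLE_SCAN_OUTPUT='Testing python-flask...

✗ Low severity vulnerability found in unbound/libunbound8
✗ Low severity vulnerability found in tiff/libtiff5
✗ Medium severity vulnerability found in example-pkg/libexample0
✗ High severity vulnerability found in gcc-8
✗ High severity vulnerability found in djvulibre/libdjvulibre21
✗ High severity vulnerability found in bluez/libbluetooth3

Tested 431 dependencies for known vulnerabilities, found 6 vulnerabilities.'

# Real use: SCAN_OUTPUT="$(docker scan my-image)" sh scan-gate.sh
SCAN_OUTPUT="${SCAN_OUTPUT:-$SAMPLE_SCAN_OUTPUT}"

# count_severity LEVEL -> number of findings with that severity (Low, Medium, High, Critical)
count_severity() {
    printf '%s\n' "$SCAN_OUTPUT" |
        awk -v sev="$1" '$2 == sev && $3 == "severity" && $4 == "vulnerability" { n++ } END { print n + 0 }'
}

# affected_packages -> distinct package names from the findings, one per line
affected_packages() {
    printf '%s\n' "$SCAN_OUTPUT" |
        awk '$3 == "severity" && $5 == "found" && $6 == "in" { print $7 }' | sort -u
}

# scan_gate MAX_HIGH -> exit status 0 when High findings are within budget, 1 otherwise
scan_gate() {
    high=$(count_severity High)
    if [ "$high" -gt "$1" ]; then
        echo "scan gate FAILED: $high High severity findings, budget is $1" >&2
        return 1
    fi
    echo "scan gate passed: $high High severity findings, budget is $1"
}

# Severity summary for the sample (or for SCAN_OUTPUT when it is set)
for sev in Low Medium High Critical; do
    printf '%-8s %s\n' "$sev" "$(count_severity "$sev")"
done
```

In a pipeline, call `scan_gate 0` (or whatever budget the team accepts) after the summary so the job fails on High findings; the package list is what tells you whether the noise is OS packages from the base image, as it was here, or your own dependencies.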