Summary
Expand auditing to cover the container images (Containerfile and Containerfile.dev) so as to stay on secure base images.
Suggestions, tips, thoughts are welcome.
Goals
The solution:
(must) allow for ignoring specific vulnerabilities manually.
(ideally) allows for ignoring vulnerabilities without fixes.
Tests
I tried out Docker Scout and the following make target worked reasonably well. However, it didn't work as expected (it detected a known vulnerability in OpenSSL (correct) but it suggested downgrading the base image (from docker.io/golang:1.21.5-alpine3.19) to docker.io/golang:1.20-alpine3.19, seemingly because it's more popular, even though it achieves nothing).
Relates to #81, #119, #123