Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trivy Security scan error #3343

Closed
AshwinSridharan0410 opened this issue May 7, 2024 · 1 comment
Closed

Trivy Security scan error #3343

AshwinSridharan0410 opened this issue May 7, 2024 · 1 comment
Labels
non-issue / invalid This isn't relevant to nvm, or turned out to be something unrelated.

Comments

@AshwinSridharan0410
Copy link

AshwinSridharan0410 commented May 7, 2024
edited
Loading

This is my dockerfile which I am using for installing multiple versions of node .
FROM ubuntu
ENV NVM_DIR /usr/local/nvm
RUN mkdir -p $NVM_DIR
RUN curl https://raw.githubusercontent.com/creationix/nvm/v0.39.7/install.sh | bash
&& . $NVM_DIR/nvm.sh
&& nvm install 14.21.3
&& nvm install 16.15
&& nvm install 18.16.1
&& nvm install 20.11.0
RUN chmod +x $NVM_DIR/nvm.sh

ENV NODE_14_PATH $NVM_DIR/versions/node/v14.21.3/bin
ENV PATH $NODE_14_PATH:$PATH
ENV NODE_16_PATH $NVM_DIR/versions/node/v16.15.1/bin
ENV PATH $NODE_16_PATH:$PATH
ENV NODE_18_PATH $NVM_DIR/versions/node/v18.16.1/bin
ENV PATH $NODE_18_PATH:$PATH
ENV NODE_20_PATH $NVM_DIR/versions/node/v20.11.0/bin
ENV PATH $NODE_20_PATH:$PATH
RUN export NVM_DIR="/usr/local/nvm"
&& [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
&& [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"

When I execute this command below:-
trivy image --severity HIGH,CRITICAL --gnore-unfixed image_name

I am getting these vulnerabilities:-

image

Any idea how to resolve these security vulnerabilities ?
Thanks
@ljharb
Copy link
Member

ljharb commented May 7, 2024

Those have nothing to do with nvm, since nvm doesn’t have any runtime npm dependencies. You’ll have to address the problem in your own code.

@ljharb ljharb closed this as not planned Won't fix, can't repro, duplicate, stale May 7, 2024
@ljharb ljharb added the non-issue / invalid This isn't relevant to nvm, or turned out to be something unrelated. label May 7, 2024
@ljharb ljharb mentioned this issue May 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
non-issue / invalid This isn't relevant to nvm, or turned out to be something unrelated.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ljharb @AshwinSridharan0410