
Twistlock security scan shows that private keys are stored in the container

Open sanknmFinicity opened this issue 4 years ago • 0 comments

Hi there!

Twistlock vulnerability scans raise a compliance alarm on images containing the Protractor node module:

Private keys stored in image: Found: node_modules/browserstack/node_modules/agent-base/test/ssl-cert-snakeoil.key , node_modules/saucelabs/node_modules/agent-base/test/ssl-cert-snakeoil.key Private keys stored in image"

Steps to reproduce: Install Protractor. Build a Docker image containing that node module and run that image through Twistlock scanning.

Expected outcome: Successful Twistlock scan completion without errors.

Actual outcome: Twistlock raises a compliance issue because a server.key file is included.

Suggested fix: Update saucelabs and agent-base to the latest version.

sanknmFinicity, Nov 03 '21 10:11
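
A pre-build check for the condition the scan reports, as an added example that is not part of the original issue or of Protractor's own code: it walks a directory tree and lists files that contain a PEM private-key header, so the finding can be reproduced before an image is built. `findPrivateKeys` and `buildSampleTree` are hypothetical names, the sample tree and key bodies are constructed placeholders, and matching on the PEM header is an assumption, not Twistlock's documented detection logic.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Assumption: a PEM private-key header (PKCS#8, RSA, EC, OPENSSH, ...) marks a key file.
const PEM_PRIVATE_KEY = /-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----/;
const HEAD_BYTES = 64 * 1024; // only the first 64 KiB of each file is inspected

// Returns the sorted, root-relative paths of files containing a private-key header.
function findPrivateKeys(root) {
  const hits = [];
  const head = Buffer.alloc(HEAD_BYTES);
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) { stack.push(full); continue; }
      if (!entry.isFile()) continue; // symlinks and special files are not followed
      const fd = fs.openSync(full, 'r');
      try {
        const n = fs.readSync(fd, head, 0, HEAD_BYTES, 0);
        if (PEM_PRIVATE_KEY.test(head.toString('latin1', 0, n))) {
          hits.push(path.relative(root, full).split(path.sep).join('/'));
        }
      } finally { fs.closeSync(fd); }
    }
  }
  return hits.sort();
}

// Constructed sample tree mirroring the paths in the report; file bodies are placeholders.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'keyscan-'));
  const pem = (label) => `-----BEGIN ${label}-----\nCONSTRUCTED\n-----END ${label}-----\n`;
  const files = { 'node_modules/protractor/package.json': '{}\n' };
  for (const pkg of ['browserstack', 'saucelabs']) {
    const dir = `node_modules/${pkg}/node_modules/agent-base/test`;
    files[`${dir}/ssl-cert-snakeoil.key`] = pem('RSA PRIVATE KEY');
    files[`${dir}/ssl-cert-snakeoil.pem`] = pem('CERTIFICATE'); // must not be flagged
  }
  for (const [rel, body] of Object.entries(files)) {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), body);
  }
  return root;
}

console.log(findPrivateKeys(buildSampleTree())); // demo run on the constructed tree
```

Pointing `findPrivateKeys` at the directory that will be copied into the image, and failing the build on a non-empty result, surfaces the same files before the image reaches the scanner.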