docker-kong

Remove libcurl dependency

Open epikur-io opened this issue 2 years ago • 1 comment

Summary

When building the Kong docker image for Ubuntu, some cURL/libcurl-related CVE findings occur in the image when performing a container security scan.

cURL is purged after usage inside the Dockerfile, but the libcurl dependency is left. Container security scanners find CVEs related to cURL (like CVE-2023-38545). By adding the --autoremove option to the purge command, the libcurl dependency will also get purged.

Manuel Gugel <manuel_sebastian.gugel@mercedes-benz.com>, Mercedes-Benz Tech Innovation GmbH, imprint

epikur-io, Oct 09 '23 12:10
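
A build-time check for the condition described in the issue above, as an added example that is not part of the original post or of the docker-kong Dockerfile: it reads `dpkg-query` output and fails if any libcurl package is still installed after the purge step. The function name `leftover_libcurl` and the sample package lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the docker-kong repository).
# Input format: one "<package> <status-abbrev>" pair per line, as printed by
#   dpkg-query -W -f='${Package} ${db:Status-Abbrev}\n'
# The second character of the status abbreviation is the current state:
#   "ii" = installed, "rc" = removed with only config files remaining.

# leftover_libcurl (hypothetical helper): print every package whose name
# starts with "libcurl" and is currently installed; return 1 if any is found.
leftover_libcurl() {
    awk '
        $1 ~ /^libcurl/ && substr($2, 2, 1) == "i" { print $1; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: curl itself was purged, the library was left behind.
SAMPLE_PURGE_ONLY='ca-certificates ii
libcurl4 ii
zlib1g ii'

# Constructed sample: no libcurl package installed. The "rc" entry is not
# flagged because no library files remain for a scanner to match.
SAMPLE_CLEAN='ca-certificates ii
libcurl3-gnutls rc
zlib1g ii'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_PURGE_ONLY" | leftover_libcurl \
    || echo "FAIL: libcurl still installed (listed above)"
printf '%s\n' "$SAMPLE_CLEAN" | leftover_libcurl \
    && echo "OK: no libcurl package installed"

# On a real Debian/Ubuntu image, after the purge step:
#   dpkg-query -W -f='${Package} ${db:Status-Abbrev}\n' | leftover_libcurl
```

Run against the image's real package database, a non-zero exit can be used to fail the build before the image reaches the scanner.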

CLA assistant check
All committers have signed the CLA.

CLAassistant, Oct 09 '23 12:10