Lissy93
Docker image - vulnerabilities
Environment
Self-Hosted (Docker)
System
Docker (Various)
Version
3.1.1
Describe the problem
I have been running dashy (Docker image) on both Windows and Linux, I have noticed that, there are a number of Critical and Serious vulnerabilities with the image. Scout on Windows lists these very well, on both the latest and Auto tags. Are there any plans to address these? I love this method of displaying links/apps etc, I'm very concerned of continuing to use it with these vulnerabilities.
Additional info
No response
Please tick the boxes
- [X] You have explained the issue clearly, and included all relevant info
- [X] You are using a supported version of Dashy
- [X] You've checked that this issue hasn't already been raised
- [X] You've checked the docs and troubleshooting guide
- [X] You agree to the code of conduct
Hi We take security quite seriously, could you share which vulnerabilites exactly you mean?
The ones displayed by node/npm/yarn ?
I think they have been discussed before but were marked as non-critical for dashy, but we can defenitely take a look.
Hello,
I use the following system to review the vulnerabilities of docker images, Docker Scout, which is embedded in the Windows Docker Environment, you will see from below that there are a number of vulnerabilities in the latest tag, I have also checked the auto tag which has also many vulnerabilities. Would suggest you run the Windows docker environment yourself have a interactive view of the issues.
This issue has gone 3 months without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.
