scout-cli icon indicating copy to clipboard operation
scout-cli copied to clipboard

Published 20 hours ago verified publisher icon docker

Windows Image: OS-Level is not scanned

Open Herr-Sepp opened this issue 7 months ago • 0 comments

Thank you that it is already possible to scan Windows images even if it is still very slow.

However, I miss the OS level in the scan. If an image is scanned with an outdated base image, at least a warning should be displayed. It might also be possible to display the CVE directly from sources such as https://msrc.microsoft.com/update-guide/vulnerability

Example:

docker scout cves mcr.microsoft.com/windows/nanoserver:1809-KB4464455

Only finds the outdated curl package in the image but that the Windows version is from November 13, 2018 (operating system build 17763.107) is not detected and displayed.

It is possible to read the Windows version from the image. Described e.g. in this article https://jamiemagee.co.uk/blog/scanning-windows-container-images-is-surprisingly-easy/

Herr-Sepp avatar Jul 04 '24 08:07 Herr-Sepp