grist-core

High Vulnerability Count in Latest Docker Image

Open mulder999 opened this issue 7 months ago • 0 comments

Description

The latest container image available on Docker Hub contains a significant number of vulnerabilities:

  • Docker Desktop reports 112 vulnerabilities.
  • Dependency Track reports 83 vulnerabilities.

For example, among the most critical issues is the use of the Go standard library from version 1.18.3, which is over two years old and contains several known vulnerabilities.

Impact

The presence of these vulnerabilities can expose our applications to various security risks.

Steps to Reproduce

  1. Pull the latest container image from Docker Hub.
  2. Analyze the image using Docker Desktop and Dependency Track.

Suggested Actions

  • Upgrade component versions to the latest stable release to ensure the latest security patches are applied.
  • Review and update other dependencies to their latest versions to mitigate reported vulnerabilities.
  • Implement regular security audits and vulnerability scans as part of the CI/CD pipeline to identify and address vulnerabilities promptly.

Additional information

Please prioritize this issue due to its potential impact on our security posture. If further assistance is required, feel free to reach out.

mulder999, Jun 27 '24 08:06
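
One way to automate the CI scan suggested in the issue, as an added example that is not part of the original issue or of the grist-core project: it reads a CycloneDX SBOM of the image and fails the build when an embedded Go standard library is older than a policy floor. It assumes the SBOM generator records the Go standard library as a `pkg:golang/stdlib@<version>` component; the SBOM fragment, the `example:binary` property, the file paths and the 1.21.0 floor are constructed for illustration.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (not real scan output for this image).
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "stdlib", "version": "go1.18.3",
     "purl": "pkg:golang/stdlib@1.18.3",
     "properties": [{"name": "example:binary", "value": "/usr/local/bin/tool-a"}]},
    {"type": "library", "name": "stdlib", "version": "go1.22.5",
     "purl": "pkg:golang/stdlib@1.22.5",
     "properties": [{"name": "example:binary", "value": "/usr/local/bin/tool-b"}]},
    {"type": "library", "name": "express", "version": "4.19.2",
     "purl": "pkg:npm/express@4.19.2"}
  ]
}
""")

# Assumed purl shape for the Go standard library; the patch number is optional.
STDLIB_PURL = re.compile(r"^pkg:golang/stdlib@v?(\d+)\.(\d+)(?:\.(\d+))?")

def go_stdlib_version(component):
    """Return (major, minor, patch) if the component is the Go stdlib, else None."""
    m = STDLIB_PURL.match(component.get("purl", ""))
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def outdated_go_stdlib(sbom, minimum):
    """List Go stdlib components older than `minimum` and the binary embedding each."""
    findings = []
    for comp in sbom.get("components", []):
        ver = go_stdlib_version(comp)
        if ver is not None and ver < minimum:
            props = {p["name"]: p["value"] for p in comp.get("properties", [])}
            findings.append({"version": ".".join(map(str, ver)),
                             "binary": props.get("example:binary", "unknown")})
    return findings

if __name__ == "__main__":
    # The floor is an assumed policy value, not a version taken from the issue.
    hits = outdated_go_stdlib(SAMPLE_SBOM, minimum=(1, 21, 0))
    for h in hits:
        print(f"outdated Go stdlib {h['version']} embedded in {h['binary']}")
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the CI job
```

Grouping findings by the embedding binary shows which bundled tool needs rebuilding, which a raw vulnerability count does not.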