docker pull elixir:1.9
docker scan elixir
Tested 537 dependencies for known vulnerabilities, found 331 vulnerabilities.
A good amount are high severity. I know local scan is still beta, so it's possible there are bugs. I'm curious how these are introduced considering how often the image is built.
@mjmaurer I'm seeing similar numbers with regard to elixir:1.11.4, but many of these vulnerabilities are coming from dependencies included in the image. Thus, I recommend using a different image that works for your use case. For example:
$ docker scan elixir:1.11.4-alpine
...
Tested 22 dependencies for known vulnerabilities, found 1 vulnerability.
Note: The one vulnerability here is as follows:
Medium severity vulnerability found in musl/musl
$ docker scan elixir:1.11.4-slim
...
Tested 96 dependencies for known vulnerabilities, found 63 vulnerabilities.
In general, one can reduce the level of security vulnerabilities by selecting an image that doesn't include unnecessary dependencies, like alpine or slim.
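An added example, not part of the original comment or of Docker's tooling: a shell script that runs the `docker scan` command used above against several tags of one image and tabulates the summary counts, so variants can be compared side by side. The function names are hypothetical, and the script assumes the summary line has the format quoted in this thread.

```shell
#!/bin/sh
# Added example: tabulate `docker scan` summary counts for several image tags.
# Function names are hypothetical; the summary-line format is the one quoted
# in this thread ("Tested N dependencies ..., found M vulnerabilities.").

# Read scan output on stdin and print "<dependencies> <vulnerabilities>".
# Returns 1 when no summary line is present (for example, the scan failed).
parse_scan_summary() {
    summary=$(sed -n 's/^Tested \([0-9][0-9]*\) dependenc[a-z]* for known vulnerabilities, found \([0-9][0-9]*\) vulnerabilit.*$/\1 \2/p' | head -n 1)
    [ -n "$summary" ] || return 1
    printf '%s\n' "$summary"
}

# Print one row per tag: image reference, dependency count, vulnerability count.
# Usage: compare_variants IMAGE TAG [TAG ...]
# Needs a Docker CLI that provides the `scan` subcommand.
compare_variants() {
    image=$1
    shift
    printf '%-28s %6s %6s\n' IMAGE DEPS VULNS
    for tag in "$@"; do
        # The pipeline's status is the parser's, so a missing summary is
        # reported as a failed scan instead of a silent zero.
        if counts=$(docker scan "$image:$tag" 2>/dev/null | parse_scan_summary); then
            printf '%-28s %6s %6s\n' "$image:$tag" "${counts% *}" "${counts#* }"
        else
            printf '%-28s %s\n' "$image:$tag" "scan failed"
        fi
    done
}

# Run only when called with arguments, e.g.:
#   sh compare_scan.sh elixir 1.11.4 1.11.4-slim 1.11.4-alpine
if [ "$#" -gt 0 ]; then
    compare_variants "$@"
fi
```

The counts are totals from the summary line only; severity still has to be read from the full scan output for each tag.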