Open jacek99 opened 4 years ago
@jacek99 Thanks for reporting this issue! We will look into it.
v3.8.0 updated the base docker image to latest, removed the testing private key from the docker image and removed execution permission when building the docker image. Please check again.
I cannot access the Twistlock scan tool, thus couldn't get the latest scan report based on the latest build. It would be great to have any suggestions for other replacement docker image scan tools.
The latest Docker image fails a Twistlock security scan due to multiple critical/high CVEs in it:
```
Scanning mcr.microsoft.com/azure-storage/azurite:latest...

Vulnerabilities
Image: mcr.microsoft.com/azure-storage/azurite:latest    ID: b20240710b5f4a1a

CVE                 Package            Version     Severity  Status                              CVSS
CVE-2019-14697      musl               1.1.20-r4   critical  fixed in 1.1.20-r5                  9.8
CVE-2019-15606      node               10.15.3     critical                                      9.8
CVE-2019-15605      node               10.15.3     critical                                      9.8
NODE-SECURITY-1184  https-proxy-agent  2.2.1       high      fixed in >=2.2.3                    7
CVE-2019-13173      fstream            1.0.11      high      fixed in >=1.0.12                   7.5
CVE-2019-15847      gcc                8.3.0-r0    high                                          7.5
CVE-2019-15604      node               10.15.3     high                                          7.5
CVE-2019-1549       openssl            1.1.1b-r1   medium    fixed in 1.1.1d-r0                  5.3
CVE-2019-1547       openssl            1.1.1b-r1   medium    fixed in 1.1.1d-r0                  4.7
CVE-2019-1551       openssl            1.1.1b-r1   medium    fixed in 1.1.1d-r2                  5.3
NODE-SECURITY-1427  bin-links          1.1.2       low       fixed in >=1.1.5                    1
NODE-SECURITY-1435  bin-links          1.1.2       low       fixed in >=1.1.5                    1
NODE-SECURITY-1438  bin-links          1.1.2       low       fixed in >=1.1.6                    1
NODE-SECURITY-1179  minimist           0.0.8       low       fixed in >=0.2.1 <1.0.0 || >=1.2.3  1
NODE-SECURITY-1084  mem                1.1.0       low       fixed in >=4.0.0                    1
NODE-SECURITY-1434  npm                6.4.1       low       fixed in >=6.13.3                   1
NODE-SECURITY-1436  npm                6.4.1       low       fixed in >=6.13.3                   1
NODE-SECURITY-1437  npm                6.4.1       low       fixed in >=6.13.4                   1
NODE-SECURITY-1179  minimist           1.2.0       low       fixed in >=0.2.1 <1.0.0 || >=1.2.3  1
CVE-2019-1552       openssl            1.1.1b-r1   low                                           3.3
CVE-2019-1563       openssl            1.1.1b-r1   low       fixed in 1.1.1d-r0                  3.7

Vulnerability threshold check results: FAIL

Compliance
Image: mcr.microsoft.com/azure-storage/azurite:latest    ID: b20240710b5f4a1a

Severity  Description
high      (CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user
high      Private keys stored in image
```
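As an added example (not Azurite project code, and not from either participant), the following Python check would catch the two compliance findings in the report above before an image is pushed: a Dockerfile that never drops root (CIS Docker 4.1) and PEM private keys left in the image filesystem, which is the kind of test key the maintainer describes removing. It assumes the image filesystem has already been exported to a directory (for instance with `docker create`, `docker export` and `tar -x`); the two Dockerfiles, the `node` user of the official node base image, and the planted key file are constructed samples, not the project's real build files.

```python
"""Added example: pre-push audit for the two compliance findings above.

Assumptions: the image filesystem has been exported to a directory; the
Dockerfiles and key file below are constructed samples, not project files.
"""
import os
import re
import shutil
import tempfile
from pathlib import Path

# PEM private-key headers as scanners match them; only the head of each
# file is read so large layers are not pulled into memory in full.
PEM_PRIVATE_KEY = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)
HEAD_BYTES = 4096

# Constructed "before" Dockerfile: no USER instruction, so the process
# runs as root, and COPY . . drags any test key in the tree into the image.
ROOT_DOCKERFILE = """\
FROM node:10-alpine
WORKDIR /opt/app
COPY . .
RUN npm ci
CMD ["node", "app.js"]
"""

# Constructed "after" Dockerfile: drops to the unprivileged `node` user
# (assumption: the chosen base image ships that user, as official node
# images do) before the CMD runs.
NONROOT_DOCKERFILE = """\
FROM node:10-alpine
WORKDIR /opt/app
COPY --chown=node:node . .
RUN npm ci
USER node
CMD ["node", "app.js"]
"""


def dockerfile_runs_as_root(dockerfile: str) -> bool:
    """CIS Docker 4.1: the *last* USER instruction wins. No USER at all,
    or USER root / USER 0 (with or without a :group suffix), means root."""
    user = "root"
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if line.upper().startswith("USER "):
            user = line.split(None, 1)[1].strip()
    return user.split(":", 1)[0] in ("root", "0")


def find_private_keys(root: Path) -> list:
    """Walk an exported image tree and return the relative paths of files
    whose first bytes carry a PEM private-key header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                continue  # unreadable special file: skip it, don't abort the audit
            if PEM_PRIVATE_KEY.search(head):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def audit(dockerfile: str, exported_root: Path) -> dict:
    """Combine both checks into one verdict a CI job can gate on."""
    keys = find_private_keys(exported_root)
    as_root = dockerfile_runs_as_root(dockerfile)
    return {"runs_as_root": as_root, "private_keys": keys,
            "compliant": not as_root and not keys}


def run_demo() -> dict:
    """Build a constructed export tree with one planted placeholder key
    and audit the 'before' Dockerfile against it."""
    root = Path(tempfile.mkdtemp(prefix="image-export-"))
    try:
        (root / "etc" / "app").mkdir(parents=True)
        (root / "etc" / "app" / "test.key").write_bytes(
            b"-----BEGIN RSA PRIVATE KEY-----\n"
            b"PLACEHOLDER-NOT-A-REAL-KEY\n"
            b"-----END RSA PRIVATE KEY-----\n"
        )
        # A certificate (public material) must not trigger the finding.
        (root / "etc" / "app" / "ca.crt").write_bytes(
            b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
        )
        (root / "opt").mkdir()
        (root / "opt" / "app.js").write_text("console.log('hi');\n")
        return audit(ROOT_DOCKERFILE, root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
    print("after fix runs as root:", dockerfile_runs_as_root(NONROOT_DOCKERFILE))
```

Running it reports `runs_as_root: True` and `etc/app/test.key` for the "before" Dockerfile and a clean result for the non-root one; the key scan is header-based, so an unencrypted key that was renamed to look like a config file is still found, while the certificate next to it is not.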