Hi.
Have you ever tried to use "adoptopenjdk/openjdk11:alpine", "adoptopenjdk/openjdk11:centos", "adoptopenjdk/openjdk11:latest" (ubuntu) as base image (FROM ..)? These images are based on the vendor's base images (e.g. alpine:3.14) and are likely to be more secure.
To explain: Yesterday I started scanning my images for vulnerabilities with Snyk (Docker Scan...). According to Snyk, by switching from alpine:3.12 to alpine:3.14 as a base, I was able to close all vulnerabilities.
Then I noticed that you are using "azul/zulu-openjdk-alpine:jdk11" as the base image. And unfortunately the makers of this image only use a tar file as a basis. That can include pretty much anything. Then I tried to scan it for vulnerabilities but that fails...
The image may not be secure, but it doesn't have to be. Just wanted to point that out.
Greetings Lasse