search

aacebedo / dnsdock

DNS service discovery for Docker containers
MIT License
606 stars 91 forks source link

dnsdock v1.17.0: Several vulnerabilities found #112

Closed crt0r closed 8 months ago

crt0r commented 9 months ago

Hello! First of all, thank you for developing this project!

Our company's internal installation of Trivy has found several vulnerabilities present in the dnsdock container image version 1.17.0 for amd64.

I am not sure if this info is of any use for you, but thought it might be good to share. b0b0c211-988f-43ff-939b-02ee14b54f3b

I have attached a CSV-formatted export containing the list of vulnerabilities below: csv_file_20240301120432.csv

edit: typo

aacebedo commented 9 months ago

Thanks. It means I need to update deps one by one

aacebedo commented 9 months ago

I have updated the dep. Can you try this version and tell me if it fixes the CVEs ? https://github.com/aacebedo/dnsdock/releases/tag/v1.18.0-rc1 Thanks !

crt0r commented 8 months ago

Yup, Trivy doesn't scream at me now. I've tried both the tar archive and the OCI Image.

crt0r commented 8 months ago

Trivy doesn't scream at me now

Btw you can easily test your code and images with this tool. It's also available via Homebrew. site: https://trivy.dev/