actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

Critical and High severity issue on summerwind/actions-runner:latest #1221

Open shettarvinay opened 2 years ago

shettarvinay commented 2 years ago

Describe the bug: Critical and High severity issue on summerwind/actions-runner:latest

To Reproduce: Scan the docker image for security compliance

Expected behavior: Image to be free of severities

Screenshots: [image]

shettarvinay commented 2 years ago

@mumoshu: We are presently connecting with our docker image scan tool owner to check whether the results found are false positives, as Go is not directly found on the runner and runner-dind images.

Also, we scanned the same images (runner and runner-dind) with docker scan image_name, for which the results were logged to https://app.snyk.io/, and it turns out that it doesn't report the Go vulnerabilities and minimatch.

Btw, the openssl issue is newly found and is being reported by our internally used docker scan tool as well as by the docker scan command, and is logged in Snyk; PFA below.

Let me know if your findings are the same as ours, thanks :)

FYR, screenshot below: [image]