This is a proactive ticket to scan the official image manually for the presence of the log4j vulnerability.
❯ docker scan akamai/shell:latest
Testing akamai/shell:latest...
Organization: ynohat
Package manager: apk
Project name: docker-image|akamai/shell
Docker image: akamai/shell:latest
Platform: linux/amd64
Base image: alpine:3.13.7
Licenses: enabled
✓ Tested 99 dependencies for known issues, no vulnerable paths found.
According to our scan, you are currently using the most secure version of the selected base image
The base image is fine ✅
It is not possible to scan beyond the base if I understand docker scan correctly, unless we provide the dockerfile used to build the image. This is unwieldy because of the layered approach to building the variants, but we can check manually:
This is a proactive ticket to scan the official image manually for the presence of the log4j vulnerability.
The base image is fine ✅
It is not possible to scan beyond the base if I understand
docker scan
correctly, unless we provide the dockerfile used to build the image. This is unwieldy because of the layered approach to building the variants, but we can check manually:Is log4j installed?
Only the nodejs port ✅
Is log4j bundled in other jars?
No ✅