Open sanknmFinicity opened 3 years ago
Hi there!
Twistlock vulnerability scans raise a compliance alarm on images containing Protractor node module:
Private keys stored in image: Found: node_modules/browserstack/node_modules/agent-base/test/ssl-cert-snakeoil.key , node_modules/saucelabs/node_modules/agent-base/test/ssl-cert-snakeoil.key Private keys stored in image"
Steps to reproduce Install Protractor. Build a docker image containing that node module and run that image through Twistlock scanning.
Expected outcome Successful Twistlock scan completion without errors.
Actual outcome Twistlock raises a compliance issue because server.key file is included.
Suggested fix Update saucelab and agent-base to the latest version
Hi there!
Twistlock vulnerability scans raise a compliance alarm on images containing Protractor node module:
Private keys stored in image: Found: node_modules/browserstack/node_modules/agent-base/test/ssl-cert-snakeoil.key , node_modules/saucelabs/node_modules/agent-base/test/ssl-cert-snakeoil.key Private keys stored in image"
Steps to reproduce Install Protractor. Build a docker image containing that node module and run that image through Twistlock scanning.
Expected outcome Successful Twistlock scan completion without errors.
Actual outcome Twistlock raises a compliance issue because server.key file is included.
Suggested fix Update saucelab and agent-base to the latest version