1 Compliance and 44 Fixable Vulnerabilities found in zookeeper-exporter image after doing the twistlock scan on it.
1 compliance
{
"complianceFailureSummary": "C:0|H:1|M:0|L:0|T:1",
"vulnerabilityFailureSummary": "C:5|H:30|M:11|L:1|T:47",
"complianceDistribution": {
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"total": 1
},
"vulnerabilityDistribution": {
"critical": 5,
"high": 30,
"medium": 11,
"low": 1,
"total": 47
}
}
Detailed Report of Compliance for image
{
"text": "",
"id": 41,
"severity": "high",
"cvss": 0,
"status": "",
"cve": "",
"cause": "",
"description": "It is a good practice to run the container as a non-root user, if possible. Though user\nnamespace mapping is now available, if a user is already defined in the container image, the\ncontainer is run as that user by default and specific user namespace remapping is not\nrequired",
"title": "(CIS_Docker_v1.3.1 - 4.1) Image should be created with a non-root user",
"vecStr": "",
"exploit": "",
"link": "",
"type": "image",
"packageName": "",
"packageVersion": "",
"layerTime": 0,
"templates": [
"PCI",
"DISA STIG"
],
"twistlock": false,
"cri": false,
"published": 0,
"fixDate": 0,
"discovered": "0001-01-01T00:00:00Z",
"functionLayer": "",
"severityCHML": "H"
}
Update the go version to golang:1.19-alpine and alpine version to alpine:3.17.0 in Dockerfile for zookeeper-exporter. Updating the version will solve all the 44 fixable Vulnerabilities.
ISSUE
1 Compliance and 44 Fixable Vulnerabilities found in zookeeper-exporter image after doing the twistlock scan on it.
1 compliance
CVE links for 44 Fixable Vulnerabilities:
Solution