Closed MichaelLeeHobbs closed 2 years ago
First, thanks for the info. These don't seem specific to the Dockerized Connect images as the scan is run on Connect's included libraries so it seems like a better place may be the Connect open source GitHub repo. Second, there's no way we will address every CVE in this ticket so if there are specific CVEs or libraries you are concerned about, please open an issue or discussion in the Connect GitHub repo for each separately.
Scan was completed with https://github.com/aquasecurity/trivy
Scanned
All returned the same result on the Java scan and various for the OS.
Java (jar)
Total: 89 (UNKNOWN: 1, LOW: 4, MEDIUM: 38, HIGH: 42, CRITICAL: 4)