strapi / strapi-docker

Install and run your first Strapi project using Docker
https://strapi.io
MIT License

CVE issues - strapi/base: latest image #257

Closed KarthiAru closed 3 years ago

KarthiAru commented 3 years ago

Hi,

I'm getting the following CVE for the custom Docker image. The npm packages have been updated and there are no vulnerabilities. But the CVEs are primarily due to Linux kernel issues from the base OS image - Debian GNU/Linux 9 (stretch). Any suggestions on building an image with fewer vulnerabilities?

Regards, Karthik

alexandrebodin commented 3 years ago

Hi @KarthiAru, sure!

The strapi/strapi image relies on the strapi/base image. You can easily copy the base image and the strapi images to use another base image as you see fit. For example, the alpine base image here: https://github.com/strapi/strapi-docker/blob/master/base/alpine/Dockerfile. We just install some required dependencies.

You can pretty easily create a custom image for your needs. Let me know if you have some good recommendations so we can add other variants of our images of course :)

KarthiAru commented 3 years ago

@alexandrebodin Thanks! I tried with node:12.19.0-alpine. It is working and there are no vulnerabilities now.