Update base image #21

Open
Goro2030 opened this issue Sep 18, 2021 · 10 comments

@Goro2030

When doing a `docker scan lncm/tor`, the report throws out a LOT of critical vulnerabilities that need patching. At the bottom of the report, it recommends updating to Debian:11-slim to get rid of most of them.

Project name:      docker-image|lncm/tor
Docker image:      lncm/tor
Platform:          linux/amd64
Base image:        debian:10.10-slim

**Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.**

Base Image         Vulnerabilities  Severity
debian:10.10-slim  61               10 high, 6 medium, 45 low

Recommendations for base image upgrade:

Major upgrades
Base Image      Vulnerabilities  Severity
debian:11-slim  37               1 high, 2 medium, 34 low

@nolim1t
Member

nolim1t commented Sep 18, 2021

Thanks for the feedback

@nolim1t
Member

nolim1t commented Sep 19, 2021

Testing this out. You may try nolim1t/tor:0.4.6.7 if you have an arm64 architecture, but will probably build 0.4.7.1-alpha soon for all architectures

@Goro2030
Author

@nolim1t, man, you're absolutely awesome! Thanks a lot for building this. I'm switching NOW.

@Goro2030
Author

Why did the image grow 20 MB from 0.4.6 to 0.4.7? Did you leave any temp files in the build process in the final image maybe?

@nolim1t
Member

nolim1t commented Sep 19, 2021

No idea, I guess the base image has other stuff in it.

@nolim1t
Member

nolim1t commented Sep 19, 2021

you can also wait for lncm/tor:0.4.7.1-alpha if you wanna live on the edge a little

@Goro2030
Author

> you can also wait for lncm/tor:0.4.7.1-alpha if you wanna live on the edge a little

I'm using your Dockerfile and changing it to 4.7.1-alpha (using tor-0.4.7.1-alpha.tar.gz)... I can't wait to live on the edge :)

@Goro2030
Author

Project name: docker-image|lncm/tor
Docker image: lncm/tor
Platform: linux/amd64
Base image: debian:10.10-slim

Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.

Base Image         Vulnerabilities  Severity
debian:10.10-slim  61               10 high, 6 medium, 45 low

Recommendations for base image upgrade:

Major upgrades
Base Image      Vulnerabilities  Severity
debian:11-slim  37               1 high, 2 medium, 34 low

This is still happening in your latest Dockerfile, as the base image is the same.

Just replace all references from debian:buster-slim to debian:11-slim
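
The comparison made in the scan report above can be automated as a build gate. This is an added example, not part of the thread or the lncm/tor project: it parses the summary text as posted here, and the function names and the `max_high` budget are assumptions.

```python
import re

# Summary lines as posted in this issue (docker scan output for lncm/tor).
REPORT = """\
Base image:        debian:10.10-slim
Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.
Base Image         Vulnerabilities  Severity
debian:10.10-slim  61               10 high, 6 medium, 45 low
Recommendations for base image upgrade:
Major upgrades
Base Image      Vulnerabilities  Severity
debian:11-slim  37               1 high, 2 medium, 34 low
"""

# One table row: image reference, total count, then "N level" pairs.
ROW = re.compile(r"^(\S+:\S+)\s+(\d+)\s+(\d+ \w+(?:, \d+ \w+)*)$")

def parse_rows(report):
    """Return {image: {"critical": n, "high": n, "medium": n, "low": n, "total": n}}."""
    rows = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
            for n, level in re.findall(r"(\d+) (\w+)", m.group(3)):
                counts[level] = int(n)
            counts["total"] = int(m.group(2))
            rows[m.group(1)] = counts
    return rows

def current_base(report):
    """Base image the scanned image was built from, per the report header."""
    m = re.search(r"^Base image:\s+(\S+)", report, re.M)
    return m.group(1) if m else None

def best_upgrade(report):
    """Recommended base with the fewest critical, then high, then total findings."""
    rows = parse_rows(report)
    rows.pop(current_base(report), None)
    rank = lambda img: (rows[img]["critical"], rows[img]["high"], rows[img]["total"])
    return min(rows, key=rank, default=None)

def gate(report, max_high=0):
    """True when the current base stays within the critical+high budget."""
    c = parse_rows(report)[current_base(report)]
    return c["critical"] + c["high"] <= max_high

if __name__ == "__main__":
    print(current_base(REPORT), "->", best_upgrade(REPORT), "gate ok:", gate(REPORT))
```
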

@nolim1t
Member

nolim1t commented Sep 19, 2021

> Project name: docker-image|lncm/tor
> Docker image: lncm/tor
> Platform: linux/amd64
> Base image: debian:10.10-slim
> Tested 85 dependencies for known vulnerabilities, found 61 vulnerabilities.
> Base Image Vulnerabilities Severity
> debian:10.10-slim 61 10 high, 6 medium, 45 low
> Recommendations for base image upgrade:
> Major upgrades
> Base Image Vulnerabilities Severity
> debian:11-slim 37 1 high, 2 medium, 34 low
>
> This is still happening in your latest Dockerfile, as the base image is the same.
>
> Just replace all references from debian:buster-slim to debian:11-slim

yes that is still being built.

You'll have to wait if you want the amd64 image

@nolim1t
Member

nolim1t commented Sep 19, 2021

0.4.7.1-alpha is now on dockerhub you can try this one out
