Trivy image scan showing many vulnerabilities #1716
Labels
🐋 docker
Related to Docker code
Comments
The Kroki image is built on top of the Eclipse Temurin image: https://hub.docker.com/_/eclipse-temurin/tags?page=1&name=17.0.10_7-jre The latest version has fewer vulnerabilities, but low/medium are, as the name suggests, difficult to exploit or have limited impact. You can bump the version in https://github.com/yuzutech/kroki/blob/a5f21c24c16d0beef5eddfbfdf3b5910df2ec711/server/ops/docker/jdk17-jammy/Dockerfile#L235C22-L235C40
We have an internal process that uses "Trivy" to scan for vulnerabilities. According to that tool 0.24.1 has a lot of vulnerabilities in it. Not sure exactly what it takes to fix this but can we get an image with these addressed for those that have fixes? (Note: I logged a different ticket some time ago related to a couple other vulnerabilities that showed up in the same scan - but those were explained. This ticket is about the ones below:)
The full report: kroki-0.24.1.trivy.json
The summary: