Docker overlay VA Scan point || Able to see the older deleted version of application inside overlay

Hi all,
I have a point raised by the client that there is a vulnerable version of an application running, so I have updated the application. But the scanning still takes place on the Docker host, and the agent is able to scan the overlay folder; inside the overlay folder there is an older image stored, and it is reporting that as vulnerable.

Things I have done to remediate:

image
In the above screenshot you can see that I upgraded the Java version to jre1.8.0_391; it was previously jre1.8.0_192.
I have also run docker system prune -a and deleted the docker folder. As per the client requirement I have kept the docker lib folder in a /app directory.

After running docker prune -a I deleted the whole docker lib directory.

Here is my Dockerfile:


FROM baseimage
ENV DEBIAN_FRONTEND noninteractive
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.84
COPY apache-tomcat-9.0.84 $CATALINA_HOME
ENV JRE_HOME /opt/jre1.8.0_391
COPY jre1.8.0_391 $JRE_HOME
COPY hosts   /etc/hosts
ENV PATH $CATALINA_HOME/bin:$PATH
RUN /usr/bin/chmod +x $CATALINA_HOME/bin/*
RUN /usr/bin/chmod -R 777 $JRE_HOME/*
WORKDIR $CATALINA_HOME
EXPOSE 8105
CMD catalina.sh start

Building the application image:

docker build --no-cache -t mosmabeelive:1 .

With the find command I am able to see the older version of Java:

[root@uatsoftposapp1 docker]# find /app/docker/ -name jre1.8.0_192
/app/docker/689824.689824/overlay2/af99fabb9d3e7a7c6317a08c86c0da9faeb2e98374aa249a4d1b4938708a6e34/diff/opt/jre1.8.0_192
/app/docker/689824.689824/overlay2/6f989e219dbc32b2d7b1abbd5572e4100aa02c9a621886b350cc655b8ed81fd6/diff/opt/jre1.8.0_192

Please help with this.

Docker images are kept until you delete them, independent of running them.

docker image ls
docker image rm <id>
docker image prune

There is no java on the screenshot and it is hard to see it anyway even when I zoom in.

If it is not in your Dockerfile, then it must be in the base image. You can’t delete anything from an image, only build a new layer that hides it from the process in the container.

@rimelek thanks, I could see it was in the base image.
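
An added example, not part of the original thread: one way to check which images own an overlay2 directory that a scanner reports, by matching the layer id against the GraphDriver data from docker image inspect. The function names are made up for this example, and the index in sample_index is constructed (shortened layer ids, image names borrowed from the post) so the script runs without a Docker daemon.

```shell
#!/bin/sh
# Attribute an overlay2 scanner finding to the images whose layer chain holds it.

# Extract the layer directory name from a path such as
# /app/docker/.../overlay2/<layer-id>/diff/opt/jre1.8.0_192
layer_id() {
    printf '%s\n' "$1" | sed -n 's#.*/overlay2/\([^/]*\)/.*#\1#p'
}

# Live index: one line per image, "[repo tags] <GraphDriver.Data as JSON>".
# Needs a daemon on the overlay2 storage driver and at least one local image.
docker_index() {
    docker image inspect \
        --format '{{.RepoTags}} {{json .GraphDriver.Data}}' \
        $(docker image ls -q | sort -u)
}

# Constructed stand-in for docker_index output: the base image has one layer
# (af99), and the application image stacks two more layers on top of it.
sample_index() {
    cat <<'EOF'
[baseimage:latest] {"MergedDir":"/app/docker/overlay2/af99/merged","UpperDir":"/app/docker/overlay2/af99/diff","WorkDir":"/app/docker/overlay2/af99/work"}
[mosmabeelive:1] {"LowerDir":"/app/docker/overlay2/b2c4/diff:/app/docker/overlay2/af99/diff","UpperDir":"/app/docker/overlay2/e7d1/diff","WorkDir":"/app/docker/overlay2/e7d1/work"}
EOF
}

# Read an index on stdin and print the tags of every image whose layers
# include the overlay2 directory that contains the given path.
owners_of() {
    id=$(layer_id "$1")
    [ -n "$id" ] || return 1
    grep -F "/overlay2/$id/" | sed 's/^\[\([^]]*\)].*/\1/'
}

# Demo on the constructed data: the old JRE sits in the base image layer,
# so both the base image and the image built FROM it are listed.
sample_index | owners_of /app/docker/overlay2/af99/diff/opt/jre1.8.0_192
```

On a real host, pipe docker_index into owners_of with a path from the find output. A layer listed for the rebuilt image comes from its base image or an earlier build step, so the fix is a patched base image rather than pruning.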