Hi all,
I have a point raised by a client that there is a vulnerable version of an application running, so I have updated the application. But the scanning still takes place on the Docker host, and the agent is able to scan the overlay folder; inside the overlay folder an older image is stored, and the agent reports that as vulnerable.
Things I have done to remediate:
In the above screenshot you can see that I upgraded the Java version to jre1.8.0_391; it was previously jre1.8.0_192.
I have also run docker system prune -a and deleted the docker folder. As per the client's requirement, I have kept the docker lib folder in a /app directory.
After running docker prune -a I deleted the whole docker lib directory.
Here is my Dockerfile:
FROM baseimage
ENV DEBIAN_FRONTEND noninteractive
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.84
COPY apache-tomcat-9.0.84 $CATALINA_HOME
ENV JRE_HOME /opt/jre1.8.0_391
COPY jre1.8.0_391 $JRE_HOME
COPY hosts /etc/hosts
ENV PATH $CATALINA_HOME/bin:$PATH
RUN /usr/bin/chmod +x $CATALINA_HOME/bin/*
RUN /usr/bin/chmod -R 777 $JRE_HOME/*
WORKDIR $CATALINA_HOME
EXPOSE 8105
CMD catalina.sh start
Building the application image: docker build --no-cache -t mosmabeelive:1 .
With the find command I am able to see the older version of Java:
[root@uatsoftposapp1 docker]# find /app/docker/ -name jre1.8.0_192
/app/docker/689824.689824/overlay2/af99fabb9d3e7a7c6317a08c86c0da9faeb2e98374aa249a4d1b4938708a6e34/diff/opt/jre1.8.0_192
/app/docker/689824.689824/overlay2/6f989e219dbc32b2d7b1abbd5572e4100aa02c9a621886b350cc655b8ed81fd6/diff/opt/jre1.8.0_192
Please help with this.
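
To see which image or container still references a layer directory such as the two returned by find above, the overlay2 path can be matched against the layer directories Docker reports for each object. This is an added example, not part of the original post; the function names and the sample records are constructed, and it assumes the overlay2 storage driver shown in the paths.

```shell
#!/bin/sh
# Added example: map an overlay2 path reported by a scanner back to its owner.
# Assumes the overlay2 storage driver; all function names are hypothetical.

# Extract the layer directory name from a path under .../overlay2/<layer>/...
layer_id_from_path() {
    printf '%s\n' "$1" | sed -n 's|.*/overlay2/\([^/]*\)/.*|\1|p'
}

# Read "kind<TAB>name<TAB>graph-driver-data" records on stdin and print the
# kind and name of every record whose layer directories include layer $1.
owners_of_layer() {
    awk -F '\t' -v id="$1" 'index($3, "/overlay2/" id "/") { print $1, $2 }'
}

# Emit one record per image and per container known to the local daemon.
list_graph_dirs() {
    for i in $(docker image ls -aq | sort -u); do
        docker image inspect \
            --format 'image{{"\t"}}{{.RepoTags}}{{"\t"}}{{json .GraphDriver.Data}}' "$i"
    done
    for c in $(docker ps -aq); do
        docker inspect \
            --format 'container{{"\t"}}{{.Name}}{{"\t"}}{{json .GraphDriver.Data}}' "$c"
    done
}

# Constructed records (not from a real host) so the lookup can be tried offline.
sample_records() {
    d=/app/docker/overlay2
    printf '%s\t%s\t%s\n' image '[example/app:1]' \
        "{\"LowerDir\":\"$d/c0ffee01/diff\",\"UpperDir\":\"$d/c0ffee02/diff\"}"
    printf '%s\t%s\t%s\n' image '[example/app:2]' \
        "{\"LowerDir\":\"$d/c0ffee03/diff\",\"UpperDir\":\"$d/c0ffee04/diff\"}"
    printf '%s\t%s\t%s\n' container '/app-old' \
        "{\"LowerDir\":\"$d/c0ffee05-init/diff:$d/c0ffee02/diff:$d/c0ffee01/diff\",\"UpperDir\":\"$d/c0ffee05/diff\"}"
}

# Offline demo: constructed layer c0ffee01 is held by one image and one container.
sample_records | owners_of_layer c0ffee01

# On a Docker host, with $path set to one line of the find output:
#   list_graph_dirs | owners_of_layer "$(layer_id_from_path "$path")"
```

An image that lists the layer only under LowerDir inherits it from a parent layer rather than from its own final build step.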