Docker vulnerability scan still shows Old libraries

serratest · October 15, 2019, 5:28pm

Hi All,
Summary:
I pulled mssqlserver-linux image from docker hub and started the container.when performed container scan it resulted to big list of CVE’s related to OS base debian libraries.I thought of fixing some issues by logging to the container using command “docker exec -it container_id bash” and then running apt-get update && upgrade.I verified some libraries are updated to latest version in the container.i created a new image from the container using command “docker commit container_I’d” and started the container from new image.
After rescan i still see the same list of CVE’s.

Please suggest what I’m missing and what is the best way to update security patches to the docker base image.

Topic		Replies	Views
Security scanning of containers? General dockersecurityscan , security , docker	1	2845	June 1, 2017
Scan reports many vulnerabilities in official images on docker hub General	6	1454	March 10, 2023
"Official Image Vulnerability Scanning" is missing in action? Docker Hub dockerhub , dockersecurityscan	7	1203	October 22, 2020
Does docker vulnerability scan code artifact or dependencies? General dockerhub , build	1	597	November 17, 2021
Launching Snyk vulnerability scanning Docker Hub dockerhub , dockersecurityscan	0	566	April 16, 2021

Docker vulnerability scan still shows Old libraries

Related topics