Used maven:3.9.6-amazoncorretto-17-al2023, tomcat:10.1.17-jre17 to build the image.
When we scan the final built image using Blackduck, there are many critical and high vulnerabilities, as many of the packages are still vulnerable even after upgrading. I do not find any way to update it to a non-vulnerable version.
Could you please guide on the resolution?
Hi
The best way is to check if the docker repo has a newer version, else you can always try and build it yourself?
@terpz Thanks. We ensure we use the latest images. Most of the time, components are vulnerable in the newer version too, which is detected in BDH. Any suggestions on that?
Hi Team,
Updated my image to tomcat:10.1.23-jre17. There are still vulnerabilities found in the final image by Blackduck hub.
For example, GNU PG 2.2.7 is shown as a low vulnerability by Docker Hub, while the same version is shown as a critical vulnerability in BDH. Could you please fix that or provide a solution?
I recently downloaded the latest nicolaka/netshoot image, but it has critical vulnerabilities. When can we expect that to be addressed? @nicolaka