security scan docker image with container "aquasec/trivy:0.32.1"
Issue #5
resolved
Hello, we use wisemapping in the docker environment. A scan with aquasec/trivy brought a lot of critical errors related to the used debian and spring framework. See attachement below. Maybe it is possible to update the used components in the image?
Thank you for your work. Many greetings Henrik
Comments (3)
-
-
- changed status to open
-
- changed status to resolved
All the issues must be solved !
- Log in to comment
Thanks for the head up. The interesting part is that the current based image is based on the latest tomcat version.
https://hub.docker.com/layers/library/tomcat/9.0-jdk17-openjdk/images/sha256-24a1ba0d232f6449a23b61205ecf125b65ec9b27ae3dcad2954545f5734b7c68?context=explore
Are the same debian vulnerabilities reported in the base image ?