Docker scan for V0.32 reported 4 critical vulnerabilities (75 in total) - SOC2 T2 assessment
#6,340 opened on Mar 23, 2023
Repository metrics
- Stars
- (19,563 stars)
- PR merge metrics
- (Avg merge 5d 16h) (138 merged PRs in 30d)
Description
Describe the bug We are in the process of a SOC2 T2 audit. Part of the process is a vulnerability assessment of all images, and containers.
We ran a static scan on the latest (0.32) Docker image version. Based on the scans from Docker that latest version has 75 vulnerabilities, and 4 of those are critical. See image below.
Most likely, these vulnerabilities will have an impact on other organizations aldo running formal security audits. As per our SOC2, critical vulnerabilities have an SLA for resolution of 14 days.
This issue was communicated via Slack. @keydunov asked us to file this Github issue.
To Reproduce Open Docker Desktop and run scan

Version: V0.32.14