cube-js/cube

Docker scan for V0.32 reported 4 critical vulnerabilities (75 in total) - SOC2 T2 assessment

Open

#6.340 geöffnet am 23. März 2023

Auf GitHub ansehen
 (3 Kommentare) (1 Reaktion) (1 zugewiesene Person)Rust (1.965 Forks)batch import
help wantedsecurity

Repository-Metriken

Stars
 (19.563 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 5T 16h) (138 gemergte PRs in 30 T)

Beschreibung

Describe the bug We are in the process of a SOC2 T2 audit. Part of the process is a vulnerability assessment of all images, and containers.

We ran a static scan on the latest (0.32) Docker image version. Based on the scans from Docker that latest version has 75 vulnerabilities, and 4 of those are critical. See image below.

Most likely, these vulnerabilities will have an impact on other organizations aldo running formal security audits. As per our SOC2, critical vulnerabilities have an SLA for resolution of 14 days.

This issue was communicated via Slack. @keydunov asked us to file this Github issue.

To Reproduce Open Docker Desktop and run scan

Screenshot 2023-03-23 at 9 51 23 AM

Version: V0.32.14

Contributor Guide