cube-js/cube

Docker scan for V0.32 reported 4 critical vulnerabilities (75 in total) - SOC2 T2 assessment

Open

#6,340 opened on 2023年3月23日

GitHub で見る
 (3 comments) (1 reaction) (1 assignee)Rust (1,965 forks)batch import
help wantedsecurity

Repository metrics

Stars
 (19,563 stars)
PR merge metrics
 (平均マージ 5d 16h) (30d で 138 merged PRs)

説明

Describe the bug We are in the process of a SOC2 T2 audit. Part of the process is a vulnerability assessment of all images, and containers.

We ran a static scan on the latest (0.32) Docker image version. Based on the scans from Docker that latest version has 75 vulnerabilities, and 4 of those are critical. See image below.

Most likely, these vulnerabilities will have an impact on other organizations aldo running formal security audits. As per our SOC2, critical vulnerabilities have an SLA for resolution of 14 days.

This issue was communicated via Slack. @keydunov asked us to file this Github issue.

To Reproduce Open Docker Desktop and run scan

Screenshot 2023-03-23 at 9 51 23 AM

Version: V0.32.14

コントリビューターガイド