cube-js/cube

Docker scan for V0.32 reported 4 critical vulnerabilities (75 in total) - SOC2 T2 assessment

Open

#6,340 建立於 2023年3月23日

在 GitHub 查看
 (3 留言) (1 反應) (1 負責人)Rust (1,965 fork)batch import
help wantedsecurity

倉庫指標

Star
 (19,563 star)
PR 合併指標
 (平均合併 5天 16小時) (30 天內合併 138 個 PR)

描述

Describe the bug We are in the process of a SOC2 T2 audit. Part of the process is a vulnerability assessment of all images, and containers.

We ran a static scan on the latest (0.32) Docker image version. Based on the scans from Docker that latest version has 75 vulnerabilities, and 4 of those are critical. See image below.

Most likely, these vulnerabilities will have an impact on other organizations aldo running formal security audits. As per our SOC2, critical vulnerabilities have an SLA for resolution of 14 days.

This issue was communicated via Slack. @keydunov asked us to file this Github issue.

To Reproduce Open Docker Desktop and run scan

Screenshot 2023-03-23 at 9 51 23 AM

Version: V0.32.14

貢獻者指南