-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
r-base critical vulnerabilities when scanned on AWS ECR #379
Comments
We don''t issue the CVE tickes, so you will to check the documentation under those issues. I think we should close this here. Not a Rocker issue, maybe a general Docker issue. |
Just curious, did you try also testing the base image (e.g. |
Hello I did not ... |
And while you are at it: also do |
I triied debian:latest It is better 3 Medium + 41 others (https://hub.docker.com/_/debian) the Official Trying amazonlinux , I just have 1 HIGH but the fix is provided ==> ZERO nada Vulnerabilities |
There are multiple considerations to balance when building a derived Docker container. We do what we consider most suitable; on balance I do not think we found a shortcoming here. If you prefer to build an R container on top of the (rpm-based) amzonlinux you should probably go ahead and do it. We, sadly, do not have the bandwidth for another variant. Thanks for your understanding. |
@Chewbee thanks for sharing. |
Thanks to @cboettig for reminding us that |
Hello, |
Hello,
I built a minimal r-base image :
I only did
and Uploaded it to AWS ECR in order to scan the vulnerabilities
Got 3 critical ( CVE-2019-19813 , CVE-2019-19814 , CVE-2019-19816 )
and 1 High ( CVE-2019-19816 )
I wonder
to move forward with my security officer ;) ?
Any clues welcomed
The text was updated successfully, but these errors were encountered: