Hello,
I pulled the latest version, which is 7.10.1.
When using docker scout to scan the image, it reports a total of 576 vulnerabilities: 1 critical, 1 high, 542 medium, 26 low.
Is this normal?
Hey @tadthies,
At the moment, a high number of vulnerabilities are expected when scanning the 7.10.1 image. The critical and high findings are known issues in upstream Go modules (golang-jwt, x/crypto, x/net, and the standard library) and will be addressed in upcoming patch updates. Most of the other findings come from the Ubuntu base image that we build from, where many CVEs are reported even when security patches have already been backported.
We are actively working to resolve the higher severity vulnerabilities. If the current findings are a blocker for your environment, we recommend holding off until the next patch release. Please let us know if you have any further questions!