The problem is that the Aqua scan shows a vulnerability: "libxml2" (which means libxml2 is not secure)
Vulnerability: CVE-2019-20388
Severity: High
Resource Type: APK Package
Resource: libxml2
Installed Version: 2.9.10-r2
Fix Version: None
Acknowledged: No
In the Dockerfile we are using "alpine", and I was told that "alpine" uses "libxml2":
Current Dockerfile (created by someone else):
######################################
# Stage 1 - install dependencies #
#######################################
FROM alpine AS installer
WORKDIR /usr/src/ui
# Add Dependencies
RUN apk add --no-cache --update git openssh nodejs nodejs-npm
# Set Build ARGS
ARG DEPLOY_USER
ARG DEPLOY_PAT
ARG DEPLOY_EMAIL
ARG LOCAL_BUILD=false
# Map Build ARGS to ENVs
ENV DEPLOY_USER ${DEPLOY_USER}
ENV DEPLOY_PAT ${DEPLOY_PAT}
ENV DEPLOY_EMAIL ${DEPLOY_EMAIL}
ENV LOCAL_BUILD ${LOCAL_BUILD}
# Copy Relevant Files
COPY package.json ./
COPY .npmrc ./
# Make the Docker Resources
RUN mkdir -p ./docker
COPY docker ./docker
# Run the setup script to integrate with the private NPM registry
RUN docker/setup && npm install --production
#######################################
# Stage 2 - build the system #
#######################################
FROM alpine AS builder
WORKDIR /usr/src/ui
# Install Dependencies
RUN apk add --no-cache --update git openssh nodejs nodejs-npm && apk add --no-cache --virtual .gyp python make g++ && npm install -g webpack-cli backpack-core
WORKDIR /usr/src/ui/node_modules/azure-common
RUN apk update --no-cache && npm i xmlbuilder@latest
WORKDIR /usr/src/ui
# Copy Resources
COPY . .
COPY --from=installer /usr/src/ui/node_modules ./node_modules
# Ensure Log File exists and Build
RUN mkdir -p logs && touch logs/app.log && npm run build
#######################################
# Stage 3 - Run the System #
#######################################
FROM nginx:alpine
WORKDIR /usr/share/nginx/html
# Install runtime Dependencies
RUN mkdir -p ./build/cdx && apk add --no-cache --update nodejs nodejs-npm && npm i -g npm@latest
WORKDIR /usr/lib/node_modules/npm/node_modules/
RUN apk update --no-cache && npm i yargs-parser@latest
WORKDIR /usr/lib/node_modules/npm/node_modules/yargs/node_modules
RUN rm -rf yargs-parser
WORKDIR /usr/share/nginx/html
# Copy Resources
COPY . .
COPY --from=builder /usr/src/ui/build/ ./build/
COPY --from=installer /usr/src/ui/node_modules ./node_modules
WORKDIR /usr/share/nginx/html/node_modules/azure-common
RUN apk update --no-cache && npm i xmlbuilder@latest
WORKDIR /usr/share/nginx/html/node_modules/webpack-dev-server
RUN apk update --no-cache && npm i yargs-parser@latest
WORKDIR /usr/share/nginx/html/node_modules/webpack-dev-server/node_modules/yargs/node_modules
RUN rm -rf yargs-parser
# WORKDIR /usr/share/nginx/html/node_modules/localtunnel
# RUN apk update --no-cache && npm i yargs-parser@latest
# WORKDIR /usr/share/nginx/html/node_modules/localtunnel/node_modules/yargs/node_modules
# RUN rm -rf yargs-parser
# WORKDIR /usr/share/nginx/html/node_modules/browser-sync
# RUN apk update --no-cache && npm i yargs-parser@latest
# WORKDIR /usr/share/nginx/html/node_modules/browser-sync/node_modules/yargs/node_modules
# RUN rm -rf yargs-parser
WORKDIR /usr/share/nginx/html
# COPY --from=installer /usr/src/ui/docker/index.html ./build
COPY --from=builder /usr/src/ui/build/server/ ./
# Expose Express Port
EXPOSE 3000
# Start the Express server
CMD ["node", "/usr/share/nginx/html/main.js"]
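One way to trace why a scanner reports libxml2 as an APK package, as an added example that is not part of the original question: Alpine records installed packages in /lib/apk/db/installed, and the code below parses that record format and lists the installed packages that depend on libxml2. The sample database is constructed (only libxml2 2.9.10-r2 comes from the scan output above), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed, abbreviated sample in /lib/apk/db/installed format; not from the image.
SAMPLE_DB = """\
P:libxml2
V:2.9.10-r2
D:so:libc.musl-x86_64.so.1
p:so:libxml2.so.2=2.9.10

P:libxslt
V:1.1.34-r0
D:so:libc.musl-x86_64.so.1 so:libxml2.so.2

P:nginx-module-xslt
V:1.19.1-r1
D:libxslt so:libc.musl-x86_64.so.1

P:nodejs
V:12.17.0-r0
"""

def _name(token):
    return re.split(r"[<>=~]", token, maxsplit=1)[0]  # drop version constraint

def parse_installed(text):
    """Map package name -> version, dependency tokens (D:) and provided tokens (p:)."""
    pkgs = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        f = defaultdict(list)
        for line in record.splitlines():
            key, _, value = line.partition(":")
            f[key] += value.split()
        if f["P"]:
            pkgs[f["P"][0]] = {"version": (f["V"] or ["?"])[0],
                               "deps": {_name(d) for d in f["D"]},
                               "provides": {_name(p) for p in f["p"]} | {f["P"][0]}}
    return pkgs

def why_installed(pkgs, target):
    """Installed packages that depend on `target`, directly or transitively."""
    provider = {tok: n for n, p in pkgs.items() for tok in p["provides"]}
    found, stack = set(), [target]
    while stack:
        current = stack.pop()
        for name, p in pkgs.items():
            needs = any(provider.get(d) == current for d in p["deps"])
            if needs and name != target and name not in found:
                found.add(name); stack.append(name)
    return sorted(found)
```

To use it on a real image, pass the contents of that image's /lib/apk/db/installed to `parse_installed`; an empty result from `why_installed` means no other installed package requires the flagged one.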