Docker released a new command, "scan", but when I build a simple image it always reports a great many vulnerabilities.
$ cat Dockerfile
FROM debian:10
RUN apt-get update && apt-get dist-upgrade -y
Build the image and scan it:
$ docker build -t test .
$ docker scan test
...
✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...
Package manager: deb
Project name: docker-image|test
Docker image: test
Platform: linux/amd64
Tested 92 dependencies for known vulnerabilities, found 62 vulnerabilities.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
Do we really need to deal with these issues?