Docker base images #174

Open
LPETERS006 opened this issue Feb 11, 2022 · 0 comments

Hi.

Have you ever tried to use "adoptopenjdk/openjdk11:alpine", "adoptopenjdk/openjdk11:centos", "adoptopenjdk/openjdk11:latest" (ubuntu) as base image (FROM ..)? These images are based on the vendor's base images (e.g. alpine:3.14) and are likely to be more secure.

To explain: Yesterday I started scanning my images for vulnerabilities with SNYK (Docker Scan...). According to SNYK, by switching from alpine:3.12 to alpine:3.14 as a base, I was able to close all vulnerabilities.

Then I noticed that you are using "azul/zulu-openjdk-alpine:jdk11" as the base image.
And unfortunately the makers of this image only use a tar file as a basis. That can include pretty much anything. Then I tried to scan it for vulnerabilities but that fails...

The image may not be secure, but it doesn't have to be. Just wanted to point that out.

Greetings Lasse
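
Added example, not part of the original issue or the project's code: a Dockerfile check for the distinction the post draws between a named vendor base (such as alpine:3.14) and a root filesystem unpacked from a tar file. The sample Dockerfiles, the archive name and the function names are constructed assumptions.

```python
import re

# Constructed sample Dockerfiles (illustrative, not copied from any real image).
NAMED_BASE = "FROM alpine:3.14\nRUN apk add --no-cache openjdk11\n"
TARBALL_BASE = "FROM scratch\nADD \\\n  rootfs.tar.gz /\nCMD [\"/bin/sh\"]\n"

# Local archives that ADD unpacks into the image (tar, optionally compressed).
TAR_RE = re.compile(r".+\.(?:tar(?:\.(?:gz|xz|bz2))?|tgz)")

def logical_lines(text):
    """Yield instructions with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def base_origins(dockerfile):
    """Return one dict per build stage describing where its root filesystem comes from."""
    stages, aliases = [], set()
    for ins in logical_lines(dockerfile):
        word, rest = (ins.split(None, 1) + [""])[:2]
        word = word.upper()
        if word == "FROM":
            args = [a for a in rest.split() if not a.startswith("--")]
            if not args:
                continue
            image = args[0]
            kind = "stage" if image in aliases else "scratch" if image == "scratch" else "named"
            if len(args) == 3 and args[1].upper() == "AS":
                aliases.add(args[2])
            stages.append({"image": image, "kind": kind,
                           "digest_pinned": "@sha256:" in image, "archives": []})
        elif word == "ADD" and stages:
            # Remote URLs are downloaded but not unpacked, so they are skipped.
            found = [t for t in re.split(r'[\s,"\[\]]+', rest)
                     if "://" not in t and TAR_RE.fullmatch(t)]
            stages[-1]["archives"] += found
            if found and stages[-1]["kind"] == "scratch":
                stages[-1]["kind"] = "tarball-on-scratch"
    return stages

if __name__ == "__main__":
    for name, text in (("named", NAMED_BASE), ("tarball", TARBALL_BASE)):
        print(name, base_origins(text))
```

A `tarball-on-scratch` stage has no parent image to look up, so the archive's own source and checksum are what need reviewing.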
