Container Image Scans - rimerosolutions/entrusted GitHub Wiki
The container image running inside the "sandbox solution" (Docker, Podman or Lima) needs to be protected on several fronts:
- Coding practices
- Dockerfile security guidelines
- Software dependencies
- Versions of bundled Linux packages
- etc.
TL;DR: This page is about container image vulnerability scans; such vulnerabilities are usually related to software libraries.
Approach
Trivy from Aqua Security is a decent tool for finding container image vulnerabilities.
Another tool is needed to balance the information reported (or missed) by Trivy.
- There might be vulnerabilities not found by Trivy, because data that scanners rely on as "marker files" has been removed from the image
- The container image is trimmed to be as small as possible, which might expose limitations of a few basic scanners
- Scanners might try looking at files that have been deleted
- Scanners might try invoking commands that have been removed from the filesystem
Below is an example of how Trivy can be run.
podman run docker.io/aquasec/trivy image docker.io/uycyjnzgntrn/entrusted_container:0.2.5 > scan.log
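The command above writes Trivy's human-readable table to scan.log. To act on the results (and to cross-check them against the second scanner the page calls for), it is easier to have Trivy emit JSON (its `--format json` option) and post-process it. The script below is an added example, not part of the Entrusted project; the report it parses is a constructed sample in the shape of Trivy's JSON output with placeholder CVE identifiers, and the second scanner's result list is likewise constructed.

```python
"""Summarise a Trivy JSON report and reconcile it with a second scanner's findings."""
import json
from collections import Counter

# Constructed sample in the shape of Trivy's JSON report (not a real scan of the image).
TRIVY_JSON = """
{"Results": [
  {"Target": "entrusted_container (debian 11.5)", "Class": "os-pkgs",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo", "InstalledVersion": "1.0-1",
      "FixedVersion": "1.0-2", "Severity": "HIGH"},
     {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar", "InstalledVersion": "2.1",
      "FixedVersion": "", "Severity": "MEDIUM"}]},
  {"Target": "usr/bin/entrusted", "Class": "lang-pkgs",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0003", "PkgName": "somecrate", "InstalledVersion": "0.3.0",
      "FixedVersion": "0.3.1", "Severity": "CRITICAL"}]}
]}
"""

def load_trivy_findings(report_text):
    """Flatten a Trivy report into (cve, package, installed, fixed, severity) tuples."""
    findings = []
    for result in json.loads(report_text).get("Results", []):
        # Trivy omits the "Vulnerabilities" key entirely when a target is clean.
        for v in result.get("Vulnerabilities") or []:
            findings.append((v["VulnerabilityID"], v["PkgName"], v["InstalledVersion"],
                             v.get("FixedVersion", ""), v["Severity"]))
    return findings

def summarise(findings):
    """Count findings per severity and split fixable from not-yet-fixed ones."""
    by_severity = Counter(f[4] for f in findings)
    fixable = sorted(f[0] for f in findings if f[3])       # a FixedVersion exists: upgrade
    unfixed = sorted(f[0] for f in findings if not f[3])   # no fix yet: track or mitigate
    return dict(by_severity), fixable, unfixed

def reconcile(trivy_findings, other_cves):
    """Compare Trivy's CVE set with another scanner's; disagreements need a manual look."""
    trivy_cves = {f[0] for f in trivy_findings}
    other = set(other_cves)
    return {"both": sorted(trivy_cves & other),
            "trivy_only": sorted(trivy_cves - other),
            "other_only": sorted(other - trivy_cves)}

if __name__ == "__main__":
    fs = load_trivy_findings(TRIVY_JSON)
    print(summarise(fs))
    # Constructed CVE list from a hypothetical second scanner, for the cross-check.
    print(reconcile(fs, ["CVE-0000-0002", "CVE-0000-0003", "CVE-0000-0004"]))
```

Entries under `other_only` are the ones a trimmed image is most likely to hide from a single scanner, so they are the ones worth verifying by hand.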
Schedule
Between each release, dated vulnerability assessments will be performed against the Entrusted container image.
The results will be published on this page in the assessments section.
Assessments
entrusted-container 0.3.2
The report below was generated on 2024-01-30 with Trivy.
entrusted_container_0.3.2.20240130.log
entrusted-container 0.3.1
The report below was generated on 2023-08-26 with Trivy.
entrusted_container_0.3.1.20230826.log
entrusted-container 0.3.0
The report below was generated on 2022-12-21 with Trivy.
entrusted_container_0.3.0.20221221.log
entrusted-container 0.2.6
The report below was generated on 2022-11-22 with Trivy.
entrusted_container_0.2.6.20221122.log
entrusted-container 0.2.5
The report below was generated on 2022-10-25 with Trivy.