
Critical and High severity issue on summerwind/actions-runner:latest

Open shettarvinay opened this issue 3 years ago • 1 comments

Describe the bug: Critical and High severity issue on summerwind/actions-runner:latest

To Reproduce: Scan the docker image for security compliance

Expected behavior: Image to be free of severities

Screenshots: image

shettarvinay avatar Mar 15 '22 07:03 shettarvinay

@mumoshu: We are presently connecting with our docker image scan tool owner to check if the results found are false positives, as go is not directly found on the runner and runner-dind images.

Also, we scanned the same images (runner and runner-dind) with docker scan image_name, for which results were logged to https://app.snyk.io/, and it turns out that it doesn't report the go vulnerabilities and minimatch.

Btw, the openssl issue is newly found and is getting reported by our internally used docker scan tool as well as the docker scan command, and is logged in snyk; PFA below.

Let me know if your findings are the same as ours, thanks :)

FYR screenshot below image

shettarvinay avatar Mar 18 '22 07:03 shettarvinay