Audit finds 2/3 of popular docker images have medium to high security issues
Indeed, that doesn't seem surprising. It's like saying most Debian ISO images available at http://cdimage.debian.org/mirror/cdimage/archive/ have security issues.
Of course they do if you don't run "apt-get -y update && apt-get -y upgrade" on them. A typical Dockerfile will start with apt-get -y update && apt-get -y upgrade.
Sorry for not being well-versed in Docker stuff, but if you are running the docker file, aren't you bypassing the whole binary image conundrum? And the point is that people are using binary images and that's where the problem lies?
Avoid RUN apt-get upgrade or dist-upgrade, since many of the “essential” packages from the base images will fail to upgrade inside an unprivileged container. If a base package is out of date, you should contact its maintainers. If you know there’s a particular package, foo, that needs to be updated, use apt-get install -y foo and it will update automatically.
official Docker best practices
Christopher Allan Webber at 2015-05-31T14:51:45Z