DefectDojo - Scanning with Trivy #12039
Replies: 3 comments 2 replies
-
I guess there is a lot of information missing:
-
Every monthly release the container base images and Python libraries are updated, which should solve the largest part of the vulnerabilities. That's about as much as we can do. As described in https://docs.defectdojo.com/en/open_source/installation/running-in-production/ the containers provided are a good starting point, but some work is needed to run them in production. If you have strict security compliance requirements you may have to build your own images. In my experience a very large percentage of the vulnerabilities found are not exploitable. We do act on vulnerabilities reported by Dependabot: https://github.com/DefectDojo/django-DefectDojo/security/dependabot (not sure if this is visible to the public)
-
All images are released with
-
I have scanned the 4 running containers, and they have hundreds of vulnerability findings. How can I get these containers so they scan clean? I am not trying to fix every single one of these. Thanks!!