Jenkins setup: jenkins/jenkins:lts-almalinux Docker Image
Hi Team,
Newcomer here! Looking for some support with the following:
Recently, our vulnerability scanner has been flagging some vulnerabilities in these containers. Some of these vulnerabilities are rated Critical & High.
We updated the image; however, the scanner is still flagging the vulnerabilities.
Also, I found a thread related to this here: Is there a Jenkins Docker image without security vulnerabilities? - #6 by ohbei
From the above link, I gather that the scanners are mostly just identifying vulns related to the underlying packages & libraries and not related to Jenkins itself, or not even how Jenkins uses them.
In that sense, we might mark the vulnerabilities as Not Applicable in our case.
The reason I'm raising this is just to confirm whether or not this is the case.
I apologize if this is not the right place to raise the query, but I want to be sure before marking the findings as Not Applicable.
Thank you & hope you guys have a great day ahead.
Best Regards,