Jenkins Docker Images - Vulnerabilities being Flagged by AWS ECR Scanner

Jenkins setup: jenkins/jenkins:lts-almalinux Docker Image

Hi Team,

Newcomer here! Looking for some support in the following:

Recently, our vulnerability scanner has been flagging some vulnerabilities in these containers. Some of these vulnerabilities are rated Critical & High.

We updated the image; however, the scanner is still flagging the vulnerabilities.

Also, I found a thread related to this here: Is there a Jenkins Docker image without security vulnerabilities? - #6 by ohbei

From the above link, I gather that the scanners are mostly just identifying vulns related to the underlying packages & libraries and not related to Jenkins itself, or not even how Jenkins uses it

In that sense, we might mark the vulnerability as Not Applicable in our case

The reason I'm raising this is just to confirm whether or not this is the case

I apologize if this is not the right place to raise the query, but I want to be sure before marking the findings as Not Applicable

Thank you & hope you guys have a great day ahead 🙂

Best Regards,
