Analyzing 'trole-api:latest' with Docker Scout

in SPK Network10 months ago (edited)

image.png

Next week, the SpeakNetwork Community plans to continue testing the local Storage-Node software during our TestNet-Sprint. In preparation for this event, I have conducted a thorough analysis of the Docker container using Docker-Scout, and I am sharing the results in this article. This analysis aims to provide guidance and assistance to the developers, urging them to review the package carefully and address some of the identified security vulnerabilities before we proceed with further testing.

I understand that addressing these issues may require significant effort, but I believe it is essential for ensuring the security and reliability of the software. The SpeakNetwork Community is ready and willing to assist by testing newer packages and providing direct feedback across various systems. Our collective goal is to improve the software's robustness and security, creating a more reliable platform for all users.

This article outlines the vulnerabilities found, categorized by severity, and offers recommendations for updating or changing the base image to mitigate these risks. I encourage the developers to prioritize these security fixes, as it will significantly enhance the testing process and overall software quality. We are committed to supporting the developers in this endeavor, ensuring that our testing environment is as secure and stable as possible.

Docker Container Analysis with Docker-Scout

The following presents the analysis results of a Docker container using Docker-Scout to help the software author address potential vulnerabilities.

image.png

Overview

Analyzed Image
Targetlocal://trole-api:latest
Digest17558460b011
Platformlinux/amd64
Vulnerabilities2C 9H 8M 108L 7?
Size530 MB
Packages1087

Packages and Vulnerabilities

1. git 1:2.39.2-1.1

2. crypto-js 3.3.0

3. node-forge 0.7.6

4. node-forge 0.10.0

5. ip 1.1.9

6. libwmf 0.2.12-5.1

7. nghttp2 1.52.0-1+deb12u1

8. axios 0.27.2

9. openjpeg2 2.5.0-2

10. tiff 4.5.0-6+deb12u1

11. openssh 1:9.2p1-2+deb12u2

12. imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1

13. glibc 2.36-9+deb12u7

14. binutils 2.40-2

15. patch 2.7.6-7

16. openldap 2.5.13+dfsg-5

17. systemd 252.22-1~deb12u1

18. m4 1.4.19-3

19. shadow 1:4.13+dfsg1-1

20. perl 5.36.0-7+deb12u1

21. expat 2.5.0-1

22. util-linux 2.38.1-5+deb12u1

23. gnutls28 3.7.9-2+deb12u2

24. gnupg2 2.2.40-1.1

25. libxml2 2.9.14+dfsg-1.3~deb12u1

26. apt 2.6.1

27. libxslt 1.1.35-1

28. libgcrypt20 1.10.1-3

29. sqlite3 3.40.1-2

30. libpng1.6 1.6.39-2

31. curl 7.88.1-10+deb12u5

32. coreutils 9.1-1

33. gcc-12 12.2.0-14

34. libheif 1.15.1-1

35. tar 1.34+dfsg-1.2+deb12u1

36. krb5 1.20.1-2+deb12u1

37. glib2.0 2.74.6-2+deb12u2

38. jbigkit 2.1-6.1

39. unzip 6.0-28

40. openexr 3.1.5-5

41. openssl 3.0.11-1~deb12u2

42. elfutils 0.188-2.1

43. pixman 0.42.2-1

44. jansson 2.14-2

45. libyaml 0.2.5-1

46. aom 3.6.0-1

Summary of Findings

  • 134 vulnerabilities found in 46 packages:
    • 2 Critical
    • 9 High
    • 8 Medium
    • 108 Low
    • 7 Unspecified

Conclusion

The analysis reveals multiple critical and high vulnerabilities in the Docker container. It is recommended to update the affected packages or find alternative solutions to ensure the container's security.

For detailed information, refer to the provided CVE and GMS links.

image.png

Recommended fixes

Base Image Information

Base image: node:18

NameDigestVulnerabilitiesPushedSizePackagesRuntime
18sha256:7176e37dd29986e14c923bb38f2331f767e167c944915448091039d66dfd10291C, 2H, 3M, 103L, 3?1 month ago396 MB74718

The base image is also available under the supported tag(s): 18-bookworm, 18.20, 18.20-bookworm, 18.20.3, 18.20.3-bookworm, hydrogen, hydrogen-bookworm. To display recommendations for a different tag, re-run the command using the --tag flag.

Refresh Base Image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Current Status: This image version is up to date.

Change Base Image

The list displays new recommended tags in descending order, where the top results are rated as most suitable.

TagBenefitsPushedVulnerabilities
22-slim- Image is smaller by 305 MB
- Image contains 425 fewer packages
- Major runtime version update
- Tag was pushed more recently
- Image introduces no new vulnerability but removes 86
- Tag is using slim variant		2 weeks ago0C, 0H, 0M, 23L
20-slim- Image is smaller by 309 MB
- Image contains 423 fewer packages
- Major runtime version update
- Tag was pushed more recently
- Image introduces no new vulnerability but removes 86
- Tag is using slim variant		1 day ago0C, 0H, 0M, 23L
22- Image contains 2 fewer packages
- Major runtime version update
- Tag was pushed more recently
- Image has similar size
- Tag is latest
- Image has same number of vulnerabilities		2 weeks ago1C, 2H, 3M, 103L, 3?
18-slim- Image is smaller by 312 MB
- Image contains 423 fewer packages
- Image introduces no new vulnerability but removes 86
- Tag is using slim variant
- 18-slim was pulled 33K times last month		1 month ago0C, 0H, 0M, 23L
20- Major runtime version update
- Tag was pushed more recently
- Image has similar size
- Image has same number of vulnerabilities
- Image contains equal number of packages		1 day ago1C, 2H, 3M, 103L, 3?

Image details:

  • 22-slim: Size: 76 MB, Runtime: 22
  • 20-slim: Size: 71 MB, Runtime: 20.15.0
  • 22: Size: 402 MB, Runtime: 22
  • 18-slim: Size: 69 MB, Runtime: 18
  • 20: Size: 398 MB, Runtime: 20.15.0

I hope this help, if u need further details, hit me up or install docker-desktop with the docker-scout integration to analyse docker-containers.

Thanks and Greetings.

#spknetwork #speaknetwork #testprint #developemt #hive #ipfs #storage #docker #docker-scout #spktestnet
10 months ago in SPK Network by
$21.48
  • Past Payouts $21.48
  • - Author $10.75
  • - Curators $10.73
220 votes
Reply 2
Sort:  
  • Trending
    • [-]
     10 months ago  

    Congratulations @louis88! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)

    You distributed more than 185000 upvotes.
    Your next target is to reach 190000 upvotes.

    You can view your badges on your board and compare yourself to others in the Ranking
    If you no longer want to receive notifications, reply to this comment with the word STOP

    Check out our last posts:

    Be ready for the July edition of the Hive Power Up Month!
    Hive Power Up Day - July 1st 2024
    $0.00
      Reply