This repository has been archived by the owner on Jul 29, 2024. It is now read-only.
Twistlock security scan shows that private keys are stored in the container #5538
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi there!
Twistlock vulnerability scans raise a compliance alarm on images containing Protractor node module:
Private keys stored in image:
Found:
node_modules/browserstack/node_modules/agent-base/test/ssl-cert-snakeoil.key ,
node_modules/saucelabs/node_modules/agent-base/test/ssl-cert-snakeoil.key
Private keys stored in image"
Steps to reproduce
Install Protractor. Build a docker image containing that node module and run that image through Twistlock scanning.
Expected outcome
Successful Twistlock scan completion without errors.
Actual outcome
Twistlock raises a compliance issue because server.key file is included.
Suggested fix
Update saucelab and agent-base to the latest version
The text was updated successfully, but these errors were encountered: