New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade python from 3.8-slim to 3.14.0a3-slim #140

Open

toharzand wants to merge 1 commit into master from snyk-fix-5e5c1567d33ef00af302256890e9e5b1

Open

[Snyk] Security upgrade python from 3.8-slim to 3.14.0a3-slim #140

docker/Dockerfile.python-3.8

Original file line number Diff line number Diff line change

@@ -1,4 +1,4 @@

FROM python:3.8-slim

FROM python:3.14.0a3-slim

prisma-cloud-devsecops bot Dec 31, 2024

LOW

Healthcheck instructions have not been added to container images
Resource: /docker/Dockerfile.python-3.8. | Checkov ID: CKV_DOCKER_2

Description

We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.
An important security control is that of availability.
Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.

prisma-cloud-devsecops bot Dec 31, 2024

LOW

A user for the container has not been created
Resource: /docker/Dockerfile.python-3.8. | Checkov ID: CKV_DOCKER_3

Description

The policy's primary purpose is to verify that a dedicated user has been explicitly created for running the container. This is essential to avoid running the container with root privileges, which could introduce significant security risks in case of a compromise. Running containers as a non-root user reduces the potential impact of a security breach.

prisma-cloud-devsecops bot Dec 31, 2024

libgcrypt20 1.10.1-3 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 1

Critical: 0	High: 0	Medium: 0	Low: 1

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2024-2236	LOW	-	`-`	Open

prisma-cloud-devsecops bot Dec 31, 2024

shadow 1:4.13+dfsg1-1 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 2

Critical: 0	High: 0	Medium: 0	Low: 2

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2023-29383	LOW	3.3	`-`	Open
CVE-2023-4641	LOW	5.5	`-`	Open

prisma-cloud-devsecops bot Dec 31, 2024

pam 1.5.2-6+deb12u1 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 2

Critical: 0	High: 0	Medium: 0	Low: 2

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2024-10041	LOW	-	`-`	Open
CVE-2024-22365	LOW	5.5	`-`	Open

prisma-cloud-devsecops bot Dec 31, 2024

ncurses 6.4-4 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 1

Critical: 0	High: 0	Medium: 0	Low: 1

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2023-50495	LOW	6.5	`-`	Open

prisma-cloud-devsecops bot Dec 31, 2024

perl 5.36.0-7+deb12u1 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 1

Critical: 0	High: 0	Medium: 0	Low: 1

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2023-31484	LOW	8.1	`-`	Open

prisma-cloud-devsecops bot Dec 31, 2024

pip 24.3.1 / Dockerfile.python-3.8.FROM

Total vulnerabilities: 1

Critical: 0	High: 1	Medium: 0	Low: 0

Vulnerability ID	Severity	CVSS	Fixed in	Status
PRISMA-2022-0168	HIGH	7.8	`-`	Open

MAINTAINER Snyk Ltd

Expand Down