[Snyk] Security upgrade python from 3.6-slim to 3.9.13-slim #23

toharzand · 2022-05-19T20:03:36Z

This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

docker/Dockerfile.python-3.6

We recommend upgrading to python:3.9.13-slim, as this image has only 47 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Priority Score / 1000	Issue	Exploit Maturity
500	Buffer Overflow SNYK-DEBIAN11-GLIBC-2340922	No Known Exploit
514	CVE-2021-4160 SNYK-DEBIAN11-OPENSSL-2388380	No Known Exploit
614	Loop with Unreachable Exit Condition ('Infinite Loop') SNYK-DEBIAN11-OPENSSL-2426309	No Known Exploit
786	OS Command Injection SNYK-DEBIAN11-OPENSSL-2807596	No Known Exploit
786	OS Command Injection SNYK-DEBIAN11-OPENSSL-2807596	No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2388380 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2426309 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2807596 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2807596

prisma-cloud-devsecops

Prisma Cloud has found configuration errors in this PR ⬇️

prisma-cloud-devsecops · 2022-05-19T20:06:16Z

docker/Dockerfile.python-3.6

@@ -1,4 +1,4 @@
-FROM python:3.6-slim
+FROM python:3.9.13-slim


A user for the container has not been created
Resource: /docker/Dockerfile.python-3.6. | ID: BC_DKR_3

Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.
Benchmarks

CIS DOCKER V1.2 4.1

prisma-cloud-devsecops · 2022-05-19T20:06:16Z

docker/Dockerfile.python-3.6

@@ -1,4 +1,4 @@
-FROM python:3.6-slim
+FROM python:3.9.13-slim


Healthcheck instructions have not been added to container images
Resource: /docker/Dockerfile.python-3.6. | ID: BC_DKR_2

Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.
An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.

Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.

Benchmarks

CIS DOCKER V1.2 4.6

prisma-cloud-devsecops · 2022-05-19T20:06:16Z

docker/Dockerfile.python-3.6

@@ -1,4 +1,4 @@
-FROM python:3.6-slim
+FROM python:3.9.13-slim

 MAINTAINER Snyk Ltd


LABEL maintainer is used instead of MAINTAINER (deprecated)
Resource: /docker/Dockerfile.python-3.6.MAINTAINER | ID: BC_DKR_6

Description
The LABEL instruction is much more flexible and recommended to replace the MAINTAINER (deprecated) instruction in a Dockerfile.