grooverdan changed the title from "Remedy Docker Scout false positive reports of golang based vulnerabilities using govulchecker" to "Remedy Docker Scout false positive reports of golang based vulnerabilities using govulnchecker" on Nov 28, 2024
Tell us about your request
Because golang has so many vulnerabilities, any golang application superficially gets tagged with every vulnerability of golang.
Usually all are false positives.
Which service(s) is this request for?
Docker Scout
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I, as a package maintainer of the MariaDB Docker Official Images, get panicking users complaining about the security of the images because of one simple golang executable, gosu.
Example: MariaDB/mariadb-docker#546
Compounded by this is the Docker Scout results on Docker Hub
For example, using previous link:
ref: docker-library/official-images#14889
Are you currently working around the issue?
Writing docs https://github.com/MariaDB/mariadb-docker/blob/master/SECURITY.md (that aren't read as I'd like).
Answering issues frequently. Hating Docker Scout more each time it happens (not sure that's a workaround).
Additional context
There's a program to check these https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck, so you don't need to report them.
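The triage requested above, as an added example that is not part of the original issue or of Docker Scout: it reads the message stream printed by `govulncheck -json` and separates advisories where a vulnerable symbol was found from those matched only by module or package version. The sample stream and its OSV IDs are constructed placeholders, and the field names are assumed from govulncheck's JSON output format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// Constructed sample of a `govulncheck -json` message stream; the OSV IDs are placeholders.
const sample = `{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-0000-0001","trace":[{"module":"stdlib","package":"net/http"}]}}
{"finding":{"osv":"GO-0000-0001","trace":[{"module":"stdlib","package":"net/http","function":"Serve"}]}}
{"finding":{"osv":"GO-0000-0002","trace":[{"module":"stdlib"}]}}`

// Only the fields needed for triage (assumed from govulncheck's JSON format).
type finding struct {
	OSV   string `json:"osv"`
	Trace []struct {
		Function string `json:"function"`
	} `json:"trace"`
}
type message struct {
	Finding *finding `json:"finding"`
}

// classify returns advisories with a symbol-level finding, then version-only matches.
func classify(r io.Reader) ([]string, []string, error) {
	var symbolLevel, versionOnly []string
	seen := map[string]bool{} // OSV ID -> a vulnerable symbol was reported
	for dec := json.NewDecoder(r); dec.More(); {
		var m message
		if err := dec.Decode(&m); err != nil {
			return nil, nil, err
		}
		if f := m.Finding; f != nil { // config, progress and osv messages are skipped
			seen[f.OSV] = seen[f.OSV] || (len(f.Trace) > 0 && f.Trace[0].Function != "")
		}
	}
	for id, hasSymbol := range seen {
		if hasSymbol {
			symbolLevel = append(symbolLevel, id)
		} else {
			versionOnly = append(versionOnly, id)
		}
	}
	sort.Strings(symbolLevel)
	sort.Strings(versionOnly)
	return symbolLevel, versionOnly, nil
}

func main() { fmt.Println(classify(strings.NewReader(sample))) }
```

Only the first list needs attention; the second holds the advisories a version-based scanner reports even though no vulnerable symbol was found.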