This repository has been archived by the owner on Nov 29, 2023. It is now read-only.
nithanda changed the title from "Docker scan reporting just one vulnerability while anchore reporting so many - something wrong?" to "Docker scan reporting just one vulnerability while anchore reporting much more - something wrong?" on Jul 30, 2021
Hi @nithanda,
Docker Scan is a Docker CLI plugin wrapping Snyk which actually implements the scanning.
This looks like you may want to ask your question directly at https://github.com/snyk/snyk/ maybe?
Description
docker scan reported only 1 vulnerability, while if I use anchore (syft), it reports 100+. Why are the results so different - is it because with docker you are only showing limited?
docker scan xxxx
Testing xxxx...
✗ High severity vulnerability found in krb5-libs
Description: ELSA-2021-9294
Info: https://snyk.io/vuln/SNYK-ORACLE7-KRB5LIBS-1303151
Introduced through: krb5-libs@1.15.1-50.el7
From: krb5-libs@1.15.1-50.el7
Fixed in: 0:1.15.1-50.0.1.el7
Package manager: rpm
Project name: docker-image|xxxx
Docker image: xxxx
Platform: linux/amd64
Tested 215 dependencies for known vulnerabilities, found 1 vulnerability.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
Sample output from anchore (with same image)
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
avro 1.10.1 CVE-2019-17195 Critical
bzip2 0.9.1 CVE-2005-1260 Medium
bzip2 0.9.1 CVE-2010-0405 Medium
bzip2 0.9.1 CVE-2011-4089 Medium
bzip2 0.9.1 CVE-2019-12900 Critical
click 6.7 CVE-2015-8768 Critical
client 1.20.19 CVE-2008-1106 High
client 1.20.19 CVE-2013-3705 Medium
client 1.20.19 CVE-2016-0799 Critical
client 1.20.19 CVE-2016-0800 Medium
client 1.20.19 CVE-2018-7687 High
client 1.22.5 CVE-2008-1106 High
client 1.22.5 CVE-2013-3705 Medium
client 1.22.5 CVE-2016-0799 Critical
client 1.22.5 CVE-2016-0800 Medium
client 1.22.5 CVE-2018-7687 High
common 1.22.5 CVE-2015-5723 High
common 1.10.10 CVE-2015-5723 High
common 1.20.19 CVE-2015-5723 High
common 0.5.65 CVE-2015-5723 High
common 1.13.32 CVE-2015-5723 High
commons-collections4 4.4 CVE-2013-1907 Medium
commons-collections4 4.4 CVE-2013-1908 Medium
commons-compress 1.20 CVE-2013-1907 Medium
commons-compress 1.20 CVE-2013-1908 Medium
commons-compress 1.20 CVE-2021-35515 High
commons-compress 1.20 CVE-2021-35516 High
commons-compress 1.20 CVE-2021-35517 High
commons-compress 1.20 CVE-2021-36090 High
commons-csv 1.8 CVE-2013-1907 Medium
commons-csv 1.8 CVE-2013-1908 Medium