This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

Add flag to scan app vulnerabilities #178

Merged
merged 1 commit into from
Dec 11, 2021


StefanScherer
Member

Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>

- What I did

Always add the --app-vulns flag to the container test command to scan for more vulnerabilities.

- How I did it

- How to verify it

Run e.g. docker scan elastic/logstash:7.13.4

- Description for the changelog

- A picture of a cute animal (not mandatory)

Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>
@StefanScherer
Member Author

Full output of the scan command is very verbose now:

$ docker scan elastic/logstash:7.13.4



Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   rpm
Project name:      docker-image|elastic/logstash
Docker image:      elastic/logstash:7.13.4
Platform:          linux/amd64
Base image:        centos:centos7.9.2009
Licenses:          enabled

✓ Tested 150 dependencies for known issues, no vulnerable paths found.

According to our scan, you are currently using the most secure version of the selected base image

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/jdk/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/jdk/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 38 dependencies for known issues, found 3 issues.


Issues to fix by upgrading:

  Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.9.10 to com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.4 to fix
  ✗ Denial of Service (DoS) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329] in com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.9.10
    introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.9.10

  Upgrade com.google.guava:guava@24.1.1-jre to com.google.guava:guava@30.0-jre to fix
  ✗ Information Disclosure [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@24.1.1-jre
    introduced by com.google.guava:guava@24.1.1-jre

  Upgrade org.apache.logging.log4j:log4j-core@2.14.0 to org.apache.logging.log4j:log4j-core@2.15.0 to fix
  ✗ Arbitrary Code Execution (new) [Critical Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720] in org.apache.logging.log4j:log4j-core@2.14.0
    introduced by org.apache.logging.log4j:log4j-core@2.14.0



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/logstash-core/lib/jars
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/logstash-core/lib/jars
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/tools/ingest-converter/build/libs
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/tools/ingest-converter/build/libs
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/atomic-1.1.101-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/atomic-1.1.101-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/hitimes-1.3.1-java/lib/hitimes
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/hitimes-1.3.1-java/lib/hitimes
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/http_parser.rb-0.6.0-java/ext/ruby_http_parser/vendor/http-parser-java/ext
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/http_parser.rb-0.6.0-java/ext/ruby_http_parser/vendor/http-parser-java/ext
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/http_parser.rb-0.6.0-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/http_parser.rb-0.6.0-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-core/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-core/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.8
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.8
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/jrjackson/jars
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.14-java/lib/jrjackson/jars
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-stdin-channel-0.2.0-java/lib/jruby_stdin_channel
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-stdin-channel-0.2.0-java/lib/jruby_stdin_channel
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/json-1.8.6-java/lib/json/ext
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/json-1.8.6-java/lib/json/ext
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-date-3.1.9/vendor/jar-dependencies/org/logstash/filters/logstash-filter-date/3.1.6
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-date-3.1.9/vendor/jar-dependencies/org/logstash/filters/logstash-filter-date/3.1.6
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-dissect-1.2.0/vendor/jars/org/logstash/dissect/jruby-dissect-library/1.2.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-dissect-1.2.0/vendor/jars/org/logstash/dissect/jruby-dissect-library/1.2.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.9.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.9.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-useragent-3.2.4-java/vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/3.2.4
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-useragent-3.2.4-java/vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/3.2.4
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/google/code/gson/gson/2.8.5
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/google/code/gson/gson/2.8.5
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-eventhubs/2.2.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-eventhubs/2.2.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-eventhubs-eph/2.4.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-eventhubs-eph/2.4.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-storage/8.0.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/azure-storage/8.0.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/qpid-proton-j-extensions/1.1.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/com/microsoft/azure/qpid-proton-j-extensions/1.1.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.9.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.9.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-slf4j-impl/2.9.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-slf4j-impl/2.9.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/qpid/proton-j/0.33.3
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/qpid/proton-j/0.33.3
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.5
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.5-java/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.5
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-dead_letter_queue-1.1.5/vendor/jar-dependencies/co/elastic/logstash/input/logstash-input-dead_letter_queue/1.1.4
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-dead_letter_queue-1.1.5/vendor/jar-dependencies/co/elastic/logstash/input/logstash-input-dead_letter_queue/1.1.4
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.4/lib/jars
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.4/lib/jars
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.3.7
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.3.7
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.7/vendor/jar-dependencies/org/snmp4j/snmp4j/2.8.4
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.7/vendor/jar-dependencies/org/snmp4j/snmp4j/2.8.4
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.0.10-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.0.10-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.apache.derby:derby@10.14.1.0 to org.apache.derby:derby@10.14.2.0 to fix
  ✗ Security Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDERBY-32274] in org.apache.derby:derby@10.14.1.0
    introduced by org.apache.derby:derby@10.14.1.0



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-jdbc-5.0.7/vendor/jar-dependencies/org/apache/derby/derby/10.14.1.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-jdbc-5.0.7/vendor/jar-dependencies/org/apache/derby/derby/10.14.1.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-jdbc-5.0.7/vendor/jar-dependencies/org/apache/derby/derbyclient/10.14.1.0
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-jdbc-5.0.7/vendor/jar-dependencies/org/apache/derby/derbyclient/10.14.1.0
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/com/github/luben/zstd-jni/1.4.4-7
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/com/github/luben/zstd-jni/1.4.4-7
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/common-config/5.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/common-config/5.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/common-utils/5.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/common-utils/5.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-avro-serializer/5.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-avro-serializer/5.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-schema-registry-client/5.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-schema-registry-client/5.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-schema-serializer/5.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/io/confluent/kafka-schema-serializer/5.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/javax/ws/rs/javax.ws.rs-api/2.1.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/javax/ws/rs/javax.ws.rs-api/2.1.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/avro/avro/1.9.2
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/avro/avro/1.9.2
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.apache.kafka:kafka-clients@2.5.1 to org.apache.kafka:kafka-clients@2.7.2 to fix
  ✗ Timing Attack [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-1540737] in org.apache.kafka:kafka-clients@2.5.1
    introduced by org.apache.kafka:kafka-clients@2.5.1



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/kafka/kafka-clients/2.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/kafka/kafka-clients/2.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/kafka/kafka_2.12/2.5.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/apache/kafka/kafka_2.12/2.5.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.glassfish.jersey.core:jersey-common@2.33 to org.glassfish.jersey.core:jersey-common@2.34 to fix
  ✗ Information Disclosure [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637] in org.glassfish.jersey.core:jersey-common@2.33
    introduced by org.glassfish.jersey.core:jersey-common@2.33



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/glassfish/jersey/core/jersey-common/2.33
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/glassfish/jersey/core/jersey-common/2.33
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/lz4/lz4-java/1.7.1
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/lz4/lz4-java/1.7.1
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/slf4j/slf4j-api/1.7.30
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/slf4j/slf4j-api/1.7.30
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/xerial/snappy/snappy-java/1.1.7.3
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-integration-kafka-10.7.6-java/vendor/jar-dependencies/org/xerial/snappy/snappy-java/1.1.7.3
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade commons-codec:commons-codec@1.10 to commons-codec:commons-codec@1.13 to fix
  ✗ Information Exposure [Low Severity][https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10
    introduced by commons-codec:commons-codec@1.10



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/commons-codec/commons-codec/1.10
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/commons-codec/commons-codec/1.10
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/commons-logging/commons-logging/1.2
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/commons-logging/commons-logging/1.2
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 2 issues.


Issues to fix by upgrading:

  Upgrade org.apache.httpcomponents:httpclient@4.5.2 to org.apache.httpcomponents:httpclient@4.5.13 to fix
  ✗ Improper Input Validation [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.2
    introduced by org.apache.httpcomponents:httpclient@4.5.2
  ✗ Directory Traversal [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517] in org.apache.httpcomponents:httpclient@4.5.2
    introduced by org.apache.httpcomponents:httpclient@4.5.2



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpclient/4.5.2
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpclient/4.5.2
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpcore/4.4.4
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpcore/4.4.4
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpmime/4.5.2
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/apache/httpcomponents/httpmime/4.5.2
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/manticore
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/org/manticore
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/march_hare-4.3.0-java/lib/ext
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/march_hare-4.3.0-java/lib/ext
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 3 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/msgpack-1.4.2-java/lib/msgpack
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/msgpack-1.4.2-java/lib/msgpack
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/murmurhash3-0.1.6-java/ext/murmurhash3
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/murmurhash3-0.1.6-java/ext/murmurhash3
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nio4r-2.5.7-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nio4r-2.5.7-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nokogiri-1.11.7-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nokogiri-1.11.7-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 5 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nokogiri-1.11.7-java/lib/nokogiri
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/nokogiri-1.11.7-java/lib/nokogiri
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/puma-4.3.8-java/lib/puma
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/puma-4.3.8-java/lib/puma
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snappy-0.0.12-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snappy-0.0.12-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snappy-jars-1.1.0.1.2-java/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snappy-jars-1.1.0.1.2-java/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/thread_safe-0.3.6-java/lib/thread_safe
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/thread_safe-0.3.6-java/lib/thread_safe
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/jline/jline/2.14.6
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/jline/jline/2.14.6
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/json/ext
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/json/ext
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcpkix-jdk15on/1.65
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcpkix-jdk15on/1.65
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Tested 1 dependencies for known issues, found 2 issues.


Issues to fix by upgrading:

  Upgrade org.bouncycastle:bcprov-jdk15on@1.65 to org.bouncycastle:bcprov-jdk15on@1.67 to fix
  ✗ Timing Attack [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1296075] in org.bouncycastle:bcprov-jdk15on@1.65
    introduced by org.bouncycastle:bcprov-jdk15on@1.65
  ✗ Comparison Using Wrong Factors [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1052448] in org.bouncycastle:bcprov-jdk15on@1.65
    introduced by org.bouncycastle:bcprov-jdk15on@1.65



Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcprov-jdk15on/1.65
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcprov-jdk15on/1.65
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.65
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.65
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/yaml/snakeyaml/1.26
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/yaml/snakeyaml/1.26
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested 1 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/racc
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/racc
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/vendor/jruby/samples
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/vendor/jruby/samples
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing elastic/logstash:7.13.4...

Organization:      stefan.scherer
Package manager:   maven
Target file:       /usr/share/logstash/x-pack/build/libs
Project name:      elastic/logstash:7.13.4:/usr/share/logstash/x-pack/build/libs
Docker image:      elastic/logstash:7.13.4
Licenses:          enabled

✓ Tested elastic/logstash:7.13.4 for known issues, no vulnerable paths found.


Tested 88 projects, 7 contained vulnerable paths.

Member

@chris-crone chris-crone left a comment

LGTM

@chris-crone chris-crone merged commit e2f8c4d into docker:main Dec 11, 2021
@StefanScherer StefanScherer deleted the add-app-vulns-flag branch December 11, 2021 13:51