Trivy scan errors with pyenv installation in Dockerfile #2956
Comments
|
These are old releases and naturally, they have older versions of libraries bundled. (See Status of Python versions) 3.7 is EOL so it's unpatched. We can accept a patch PR with a fix from an interested party. |
|
So as per above, I'm not sure what you expect us to do. |
|
@native-api , my requirement is to install multiple versions of python inside a docker image. For that reason, I used pyenv and when I scan my image with trivy , it was giving me these vulnerabilties. So , was unsure what to do Even if I use 3.8 and the above versions, I am getting this issue . Hope my requirement is clear. Also ,can you suggest me to achieve my requirement in a different approach , if there are any ? |
|
You can upgrade setuptools after installation. In fact, since 3.4, CPython's build is supposed to do that itself during the build. Then, unless you require specific micro versions, you can |
This is my dockerfile
RUN curl https://pyenv.run | bash
ENV PYENV_ROOT="/root/.pyenv"
ENV PATH="$PYENV_ROOT/bin:$PYENV_ROOT/shims:$PATH"
RUN echo 'eval "$(pyenv init --path)"' >> /root/.bashrc
RUN pyenv install 3.7.17
&& pyenv install 3.8.18
&& pyenv install 3.9.18
&& pyenv install 3.10.13
&& pyenv install 3.11.5
RUN pyenv versions
RUN pyenv global 3.7.17 3.8.18 3.9.18 3.10.13 3.11.5
My base image is clean and doesn't have any vulnerabilities
When I execute this command below:-
trivy image --severity HIGH,CRITICAL --ignore-unfixed image_name
I am getting these vulnerabilities:-
Thanks
The text was updated successfully, but these errors were encountered: