-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Private keys cause Trivy HIGH vulnerability alerts #1158
Comments
+1 we have the same issue as I see these files are needed for testing purposes so you can provide this in Travis settings or through repository secrets |
@zyv4yk - I was curious how any of this code was getting into our
Once we removed that, the Trivy vulnerability went away, so I recommend you take a look at how this code is actually getting into your container in the first place. |
What about people who clone the repo and want to run the tests? |
@gmlewis Thanks, will analyze my |
When building a Docker image using this package, and then performing a Trivy scan on it, it reports HIGH vulnerability errors due to the private keys in the
certs
dir that are used for testing purposes on Travis:One solution could be to delete the
certs
directory during the Docker image build, but I thought I should report this in case others run into the issue.The text was updated successfully, but these errors were encountered: