Hi <@U04KWUX17BK> WireMock doesn't use SQLite at a...
# wiremock-javat
Tom
01/19/2023, 7:34 PMHi @Sofia Pacifico WireMock doesn't use SQLite at all so from that perspective you're safe.
I'm surprised to see that SQLite is even present in the image though. Do you mind sharing your scan report and the details of the tool you used to obtain it?
👍 1
s
Sofia Pacifico
01/20/2023, 3:41 PMHi @Tom, my apologies for the delay and thanks a lot for your quick response. Below you will find an screenshot of the vulnerabilities shown by the AWS ECR scan vulnerabilities tool (if you need more details, don't hesitate to let me know) I just upload to a private repo the wiremock docker images, none of them is high or critical, I just wanted to check with you if there is something we can do to avoid this or we just can ignore this report. In advance, thanks a lot for your help with this.
t
Tom
01/23/2023, 11:57 AMThanks for sharing this @Sofia Pacifico, I’ll see if there’s a way we can strip out more of the unnecessary libraries.
One more question - were you using one of the Alpine builds or Debian?
❤️ 1
s
Sofia Pacifico
01/23/2023, 3:09 PM@Tom I am using Debian build. Thank you very much for your help here :)!
👍 1
Sofia Pacifico
01/24/2023, 3:38 PMHi @Tom! I just wanted to keep you updated. I tested with alpine build and I was not able to see any vulnerability! "Initial scan has been completed and image is continuously being scanned for new vulnerabilities. No vulnerabilities are currently found." 🙂
t
Tom
01/24/2023, 3:38 PMThanks for the update. Glad to hear there’s a vuln free option at the moment.
2 Views