If you run a security scanner on your Docker image, you might be in for a shock: often you’ll be warned of dozens of security vulnerabilities, even on the most up-to-date image. After the third or fourth time you get this result, you’ll start tuning the security scanner out.
Eventually, you won’t pay attention to the security scanner at all—and you might end up missing a real security vulnerability that slipped through.
This is not your fault: the problem is the way many security scanners report their results. So let’s see what they output, why it’s problematic, and how to get more useful security scanner results.
Read more...from Planet Python
via read more
No comments:
Post a Comment