You can use the GetImage API to retrieve additional CVE information for any Docker image uploaded to LUSID. For example, if you are unable to create a job from your Docker image lusid-upsert-transactions-image:latest
, you could look at the available CVE information for all severity levels and use it to troubleshoot for yourself, or alternatively contact support.
curl -X GET
"https://<your-domain>.lusid.com/scheduler2/api/images/<your-image-name>%3A<your-image-tag>"
-H "accept: application/json"
-H "Authorization: Bearer <your-token>"
A response might look like this, with any vulnerabilities
listed:
{
"name": "lusid-upsert-transactions-image",
"pushTime": "2023-04-19T13:36:34.0000000+00:00",
"digest": "sha256:5b9810705c893d80f403a0111d932b392b2a53798bd8570d6010c34fb3cf1354",
"size": 131485064,
"tags": [
{
"name": "latest",
"pullTime": "0001-01-01T00:00:00.0000000+00:00",
"pushTime": "0001-01-01T00:00:00.0000000+00:00",
"signed": false,
"immutable": false
}
],
"scanReport": {
"severity": "High",
"status": "COMPLETE",
"endTime": "2023-04-19T13:36:42.0000000+00:00",
"summary": {
"total": 51,
"critical": 0,
"high": 0,
"medium": 4,
"low": 5,
"negligible": 34,
"unknown": 8
},
"vulnerabilities": [
{
"name": "CVE-2022-1304",
"severity": "Medium",
"description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"links": [
"https://security-tracker.debian.org/tracker/CVE-2022-1304"
]
},
{
"name": "CVE-2021-33560",
"severity": "Medium",
"description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.",
"links": [
"https://security-tracker.debian.org/tracker/CVE-2021-33560"
]
},
{
"name": "CVE-2022-29458",
"severity": "Medium",
"description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.",
"links": [
"https://security-tracker.debian.org/tracker/CVE-2022-29458"
]
},
[...],
]
}
Note that your image must contain no critical or high vulnerabilities in order to pass AWS gate checks.