Troubleshooting Docker image vulnerabilities

You can use the GetImage API to retrieve additional CVE information for any Docker image uploaded to LUSID. For example, if you are unable to create a job from your Docker image lusid-upsert-transactions-image:latest, you could look at the available CVE information for all severity levels and use it to troubleshoot the problem yourself, or alternatively contact support.

curl -X GET \
  "https://<your-domain>.lusid.com/scheduler2/api/images/<your-image-name>%3A<your-image-tag>" \
  -H "accept: application/json" \
  -H "Authorization: Bearer <your-token>"

A response might look like this, with any vulnerabilities listed:

{
  "name": "lusid-upsert-transactions-image",
  "pushTime": "2023-04-19T13:36:34.0000000+00:00",
  "digest": "sha256:5b9810705c893d80f403a0111d932b392b2a53798bd8570d6010c34fb3cf1354",
  "size": 131485064,
  "tags": [
    {
      "name": "latest",
      "pullTime": "0001-01-01T00:00:00.0000000+00:00",
      "pushTime": "0001-01-01T00:00:00.0000000+00:00",
      "signed": false,
      "immutable": false
    }
  ],
  "scanReport": {
    "severity": "High",
    "status": "COMPLETE",
    "endTime": "2023-04-19T13:36:42.0000000+00:00",
    "summary": {
      "total": 51,
      "critical": 0,
      "high": 0,
      "medium": 4,
      "low": 5,
      "negligible": 34,
      "unknown": 8
    },
    "vulnerabilities": [
      {
        "name": "CVE-2022-1304",
        "severity": "Medium",
        "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
        "links": [
          "https://security-tracker.debian.org/tracker/CVE-2022-1304"
        ]
      },
      {
        "name": "CVE-2021-33560",
        "severity": "Medium",
        "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.",
        "links": [
          "https://security-tracker.debian.org/tracker/CVE-2021-33560"
        ]
      },
      {
        "name": "CVE-2022-29458",
        "severity": "Medium",
        "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.",
        "links": [
          "https://security-tracker.debian.org/tracker/CVE-2022-29458"
        ]
      },
      [...]
    ]
  }
}

Note that your image must contain no critical or high vulnerabilities in order to pass AWS gate checks.
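The following is an added example, not LUSID's own code: it applies the "no critical or high" rule to a GetImage response, checking both the summary counts and the itemised vulnerabilities list. The function name gate_check, the sample inputs and the choice to treat an unfinished scan as a failure are assumptions; the field names are those in the response shown above.

```python
import json

BLOCKING = {"critical", "high"}  # severities the page says must be absent

def gate_check(image: dict) -> dict:
    """Decide whether a GetImage response satisfies 'no critical or high'."""
    report = image.get("scanReport") or {}
    reasons = []
    # Assumption: a scan that has not finished is treated as a failure (fail closed).
    if report.get("status") != "COMPLETE":
        reasons.append(f"scan status is {report.get('status')!r}, not 'COMPLETE'")
    summary = report.get("summary") or {}
    for sev in sorted(BLOCKING):
        if summary.get(sev, 0) > 0:
            reasons.append(f"summary reports {summary[sev]} {sev} finding(s)")
    # Cross-check the itemised list, in case it disagrees with the summary.
    blocking = [v["name"] for v in report.get("vulnerabilities", [])
                if v.get("severity", "").lower() in BLOCKING]
    if blocking:
        reasons.append("blocking CVEs listed: " + ", ".join(blocking))
    return {"passed": not reasons, "reasons": reasons, "blocking": blocking}

# Constructed sample input, trimmed from the response shape shown above.
CLEAN = json.loads("""{
  "name": "lusid-upsert-transactions-image",
  "scanReport": {"status": "COMPLETE",
    "summary": {"total": 51, "critical": 0, "high": 0, "medium": 4,
                "low": 5, "negligible": 34, "unknown": 8},
    "vulnerabilities": [
      {"name": "CVE-2022-1304", "severity": "Medium"},
      {"name": "CVE-2021-33560", "severity": "Medium"}]}}""")

# Constructed failing case: placeholder CVE id, not a real finding.
FAILING = json.loads("""{
  "name": "example-image",
  "scanReport": {"status": "COMPLETE",
    "summary": {"total": 1, "critical": 0, "high": 1},
    "vulnerabilities": [{"name": "CVE-0000-00000", "severity": "High"}]}}""")

if __name__ == "__main__":
    for img in (CLEAN, FAILING, {"name": "unscanned-image"}):
        result = gate_check(img)
        print(img["name"], "PASS" if result["passed"] else "FAIL", result["reasons"])
```

To check a real image, save the curl output to a file and pass the result of json.load on that file to gate_check.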