This repository was archived by the owner on Jul 18, 2025. It is now read-only.

Docker scan reporting just one vulnerability while anchore reporting much more - something wrong? #167

@nithanda

Description

docker scan reported only 1 vulnerability, while if I use anchore (syft), it reports 100+. Why are the results so different - is it because with docker you are only showing a limited set?

docker scan xxxx

Testing xxxx...

✗ High severity vulnerability found in krb5-libs
Description: ELSA-2021-9294
Info: https://snyk.io/vuln/SNYK-ORACLE7-KRB5LIBS-1303151
Introduced through: [email protected]
From: [email protected]
Fixed in: 0:1.15.1-50.0.1.el7

Package manager: rpm
Project name: docker-image|xxxx
Docker image: xxxx
Platform: linux/amd64

Tested 215 dependencies for known vulnerabilities, found 1 vulnerability.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp


Sample output from anchore (with same image)

NAME                  INSTALLED  FIXED-IN  VULNERABILITY   SEVERITY
avro                  1.10.1               CVE-2019-17195  Critical
bzip2                 0.9.1                CVE-2005-1260   Medium
bzip2                 0.9.1                CVE-2010-0405   Medium
bzip2                 0.9.1                CVE-2011-4089   Medium
bzip2                 0.9.1                CVE-2019-12900  Critical
click                 6.7                  CVE-2015-8768   Critical
client                1.20.19              CVE-2008-1106   High
client                1.20.19              CVE-2013-3705   Medium
client                1.20.19              CVE-2016-0799   Critical
client                1.20.19              CVE-2016-0800   Medium
client                1.20.19              CVE-2018-7687   High
client                1.22.5               CVE-2008-1106   High
client                1.22.5               CVE-2013-3705   Medium
client                1.22.5               CVE-2016-0799   Critical
client                1.22.5               CVE-2016-0800   Medium
client                1.22.5               CVE-2018-7687   High
common                1.22.5               CVE-2015-5723   High
common                1.10.10              CVE-2015-5723   High
common                1.20.19              CVE-2015-5723   High
common                0.5.65               CVE-2015-5723   High
common                1.13.32              CVE-2015-5723   High
commons-collections4  4.4                  CVE-2013-1907   Medium
commons-collections4  4.4                  CVE-2013-1908   Medium
commons-compress      1.20                 CVE-2013-1907   Medium
commons-compress      1.20                 CVE-2013-1908   Medium
commons-compress      1.20                 CVE-2021-35515  High
commons-compress      1.20                 CVE-2021-35516  High
commons-compress      1.20                 CVE-2021-35517  High
commons-compress      1.20                 CVE-2021-36090  High
commons-csv           1.8                  CVE-2013-1907   Medium
commons-csv           1.8                  CVE-2013-1908   Medium
