Skip to content

Building a docker image for security scan #2463

Description

@OrenGitHub

Hi guys,
I'm trying to reproduce this cve, from a container scan perspective1.
I'm a bit confused because I couldn't find any COPY . . ( or similar ) in the docker files.
So the compose worked fine ( see below ) but where is the actual source code ?

$ docker compose up -d
[+] Running 9/9
 ✔ Container farmbot-web-app-redis-1        Running                                                                                            0.0s
 ✔ Container farmbot-web-app-parcel-1       Started                                                                                            0.0s
 ✔ Container farmbot-web-app-db-1           Started                                                                                            0.0s
 ✔ Container farmbot-web-app-typescript-1   Started                                                                                            0.6s
 ✔ Container farmbot-web-app-web-1          Started                                                                                            0.7s
 ✔ Container farmbot-web-app-mqtt-1         Started                                                                                            0.9s
 ✔ Container farmbot-web-app-log_digests-1  Started                                                                                            0.4s
 ✔ Container farmbot-web-app-rabbit_jobs-1  Started                                                                                            0.6s
 ✔ Container farmbot-web-app-delayed_job-1  Started                                                                                            1.1s

1 I am the author of this open source security container scanner

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions