Ubuntu Container Scan with Trivy [2022-12-12]
Ubuntu Container Security Scan with Trivy [December 12, 2022]
Started by user letslearntigether.info
Obtained Jenkinsfile.trivy-ubuntu from git https://github.com/ffturan/practice.git/
Resume disabled by user, switching to high-performance, low-durability mode.
Step 1/2 : FROM public.ecr.aws/docker/library/ubuntu:latest
latest: Pulling from docker/library/ubuntu
6e3729cf69e0: Pulling fs layer
6e3729cf69e0: Verifying Checksum
6e3729cf69e0: Download complete
6e3729cf69e0: Pull complete
Digest: sha256:27cb6e6ccef575a4698b66f5de06c7ecd61589132d5a91d098f7f3f9285415a9
Status: Downloaded newer image for public.ecr.aws/docker/library/ubuntu:latest
---> 6b7dfa7e8fdb
Step 2/2 : RUN apt-get -y update && apt-get -y upgrade
---> Running in b9220ac0ab46
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:3 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [4732 B]
Get:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [665 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1792 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [781 kB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [589 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [635 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [969 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [965 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [8150 B]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [7278 B]
Get:18 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [3520 B]
Fetched 24.9 MB in 4s (6862 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Info
ubuntu:scan (ubuntu 22.04)
Total: 13 (UNKNOWN: 0, LOW: 11, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
[Aquasec Trivy] Searching for all files in '/var/lib/jenkins/workspace/trivy-ubuntu' that match the pattern 'results.json'
[Aquasec Trivy] Traversing of symbolic links: enabled
[Aquasec Trivy] -> found 1 file
[Aquasec Trivy] Successfully parsed file /var/lib/jenkins/workspace/trivy-ubuntu/results.json
[Aquasec Trivy] -> found 13 issues (skipped 0 duplicates)
[Aquasec Trivy] Successfully processed file 'results.json'
[Aquasec Trivy] Skipping post processing
[Aquasec Trivy] No filter has been set, publishing all 13 issues
[Aquasec Trivy] Repository miner is not configured, skipping repository mining
[Aquasec Trivy] Reference build recorder is not configured
[Aquasec Trivy] Obtaining reference build from same job (trivy-ubuntu)
[Aquasec Trivy] Using reference build 'trivy-ubuntu #4' to compute new, fixed, and outstanding issues
[Aquasec Trivy] Issues delta (vs. reference build): outstanding: 13, new: 0, fixed: 0
[Aquasec Trivy] No quality gates have been set - skipping
[Aquasec Trivy] Health report is disabled - skipping
[Aquasec Trivy] Created analysis result for 13 issues (found 0 new issues, fixed 0 issues)
[Aquasec Trivy] Attaching ResultAction with ID 'trivy' to build 'trivy-ubuntu #5'.
[Checks API] No suitable checks publisher found.
[Pipeline] sh
+ trivy image ubuntu:scan
2022-12-13T18:08:17.522-0500 INFO Vulnerability scanning is enabled
2022-12-13T18:08:17.522-0500 INFO Secret scanning is enabled
2022-12-13T18:08:17.522-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-13T18:08:17.522-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2022-12-13T18:08:17.533-0500 INFO Detected OS: ubuntu
2022-12-13T18:08:17.533-0500 INFO Detecting Ubuntu vulnerabilities...
2022-12-13T18:08:17.534-0500 INFO Number of language-specific files: 0
┌──────────────┬────────────────┬──────────┬──────────────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library      │ Vulnerability  │ Severity │ Installed Version        │ Fixed Version │ Title                                                       │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ bash         │ CVE-2022-3715  │ LOW      │ 5.1-6ubuntu1             │               │ bash: a heap-buffer-overflow in valid_parameter_transform   │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-3715                   │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ coreutils    │ CVE-2016-2781  │ LOW      │ 8.32-4.1ubuntu1          │               │ coreutils: Non-privileged session can escape to the parent  │
│              │                │          │                          │               │ session in chroot                                           │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2016-2781                   │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ gpgv         │ CVE-2022-3219  │ LOW      │ 2.2.27-3ubuntu2.1        │               │ gnupg: denial of service issue (resource consumption) using │
│              │                │          │                          │               │ compressed packets                                          │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-3219                   │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libc-bin     │ CVE-2016-20013 │ LOW      │ 2.35-0ubuntu3.1          │               │ sha256crypt and sha512crypt through 0.6 allow attackers to  │
│              │                │          │                          │               │ cause a denial of...                                        │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2016-20013                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libc6        │ CVE-2016-20013 │ LOW      │ 2.35-0ubuntu3.1          │               │ sha256crypt and sha512crypt through 0.6 allow attackers to  │
│              │                │          │                          │               │ cause a denial of...                                        │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2016-20013                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libncurses6  │ CVE-2022-29458 │ LOW      │ 6.3-2                    │               │ ncurses: segfaulting OOB read                               │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-29458                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libncursesw6 │ CVE-2022-29458 │ LOW      │ 6.3-2                    │               │ ncurses: segfaulting OOB read                               │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-29458                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libpcre3     │ CVE-2017-11164 │ LOW      │ 2:8.39-13ubuntu0.22.04.1 │               │ pcre: OP_KETRMAX feature in the match function in           │
│              │                │          │                          │               │ pcre_exec.c                                                 │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2017-11164                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libsystemd0  │ CVE-2022-3821  │ MEDIUM   │ 249.11-0ubuntu3.6        │               │ systemd: buffer overrun in format_timespan() function       │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-3821                   │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libtinfo6    │ CVE-2022-29458 │ LOW      │ 6.3-2                    │               │ ncurses: segfaulting OOB read                               │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-29458                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libudev1     │ CVE-2022-3821  │ MEDIUM   │ 249.11-0ubuntu3.6        │               │ systemd: buffer overrun in format_timespan() function       │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-3821                   │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ ncurses-base │ CVE-2022-29458 │ LOW      │ 6.3-2                    │               │ ncurses: segfaulting OOB read                               │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-29458                  │
├──────────────┼────────────────┼──────────┼──────────────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ ncurses-bin  │ CVE-2022-29458 │ LOW      │ 6.3-2                    │               │ ncurses: segfaulting OOB read                               │
│              │                │          │                          │               │ https://avd.aquasec.com/nvd/cve-2022-29458                  │
└──────────────┴────────────────┴──────────┴──────────────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘