Twistlock security scan shows that private keys are stored in the container
sanknmFinicity opened this issue
Hi there!
Twistlock vulnerability scans raise a compliance alarm on images containing the Protractor node module:
"Private keys stored in image:
Found:
node_modules/browserstack/node_modules/agent-base/test/ssl-cert-snakeoil.key ,
node_modules/saucelabs/node_modules/agent-base/test/ssl-cert-snakeoil.key
Private keys stored in image"
Steps to reproduce
Install Protractor. Build a Docker image containing that node module and run that image through Twistlock scanning.
Expected outcome
Successful Twistlock scan completion without errors.
Actual outcome
Twistlock raises a compliance issue because a server.key file is included.
Suggested fix
Update saucelabs and agent-base to the latest version.
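
A pre-build check for the condition reported above, as an added example (not code from the issue, from Protractor or from Twistlock): it walks a dependency tree and lists files that contain a PEM private-key header, while leaving certificates alone. Matching on the PEM header is an assumption about what counts as a key, not Twistlock's documented rule; `findPrivateKeys` and `scanSample` are hypothetical names, and the sample files are constructed placeholders at the paths quoted in the issue.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: a PEM private-key header marks a key file (not Twistlock's own rule).
// Covers RSA, EC, ENCRYPTED, OPENSSH and unlabelled PKCS#8 headers.
const PEM_PRIVATE_KEY = /-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----/;

function hasPrivateKey(file) {
  // latin1 keeps binary files from throwing on invalid UTF-8 sequences.
  return PEM_PRIVATE_KEY.test(fs.readFileSync(file, 'latin1'));
}

// Walk root without following symlinks; return sorted '/'-separated relative paths.
function findPrivateKeys(root) {
  const hits = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) stack.push(full);
      else if (entry.isFile() && hasPrivateKey(full)) {
        hits.push(path.relative(root, full).split(path.sep).join('/'));
      }
    }
  }
  return hits.sort();
}

// Constructed sample: placeholder PEM bodies (no real key material) in a temp tree.
function scanSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'keyscan-'));
  const pem = (label) => `-----BEGIN ${label}-----\nCONSTRUCTED\n-----END ${label}-----\n`;
  try {
    for (const pkg of ['browserstack', 'saucelabs']) {
      const dir = path.join(root, 'node_modules', pkg, 'node_modules/agent-base/test');
      fs.mkdirSync(dir, { recursive: true });
      fs.writeFileSync(path.join(dir, 'ssl-cert-snakeoil.key'), pem('RSA PRIVATE KEY'));
      fs.writeFileSync(path.join(dir, 'ssl-cert-snakeoil.pem'), pem('CERTIFICATE'));
    }
    return findPrivateKeys(root);
  } finally {
    fs.rmSync(root, { recursive: true, force: true });
  }
}

console.log(scanSample());
```

In a build step, call `findPrivateKeys('node_modules')` before the image is built and fail the step when the returned list is non-empty.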