Trivy Security scan error
AshwinSridharan0410 opened this issue · comments
This is my dockerfile which I am using for installing multiple versions of node .
FROM ubuntu
ENV NVM_DIR /usr/local/nvm
RUN mkdir -p $NVM_DIR
RUN curl https://raw.githubusercontent.com/creationix/nvm/v0.39.7/install.sh | bash
&& . $NVM_DIR/nvm.sh
&& nvm install 14.21.3
&& nvm install 16.15
&& nvm install 18.16.1
&& nvm install 20.11.0
RUN chmod +x $NVM_DIR/nvm.sh
ENV NODE_14_PATH $NVM_DIR/versions/node/v14.21.3/bin
ENV PATH $NODE_14_PATH:$PATH
ENV NODE_16_PATH $NVM_DIR/versions/node/v16.15.1/bin
ENV PATH $NODE_16_PATH:$PATH
ENV NODE_18_PATH $NVM_DIR/versions/node/v18.16.1/bin
ENV PATH $NODE_18_PATH:$PATH
ENV NODE_20_PATH $NVM_DIR/versions/node/v20.11.0/bin
ENV PATH $NODE_20_PATH:$PATH
RUN export NVM_DIR="/usr/local/nvm"
&& [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
&& [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"
When I execute this command below:-
trivy image --severity HIGH,CRITICAL --gnore-unfixed image_name
I am getting these vulnerabilities:-
Any idea how to resolve these security vulnerabilities ?
Thanks
Those have nothing to do with nvm, since nvm doesn’t have any runtime npm dependencies. You’ll have to address the problem in your own code.