Trivy scan detects multiple misconfigurations related to Dockerfile

Question

aayani opened this issue 7 months ago · 3 comments

Answer 1 · 2024-03-06T08:15:18.000Z

您的来件已收到！

Answer 2 · 2024-03-06T10:50:30.000Z

您的来件已收到！

where do you mean?

Answer 3 · 2024-03-06T21:17:55.000Z

@aayani, If I'm not mistaken, these files are not intended for the end user, so possible option to resolve this issue is ignore these files https://aquasecurity.github.io/trivy/v0.49/docs/configuration/skipping/

Also, in the screenshot I see that these files are used by https://github.com/mscdex/cpu-features library in node_modules, so maybe it can be ignored using npmignore, https://www.npmjs.com/package/npmignore

@Mizux, correct me if I'm wrong.