-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker image comes with 8 Critical and 34 High Vulnerabilities #506
Comments
@andora2 what machine are you using? I tried out this Dockerfile on Mac on the Master Branch and it crashed with the error below.
|
Hi, machine is: windows 10 I would have PR this, but it needs some cleancode beautifying steps and unfortunately I'll not make it any time soon (if at all). I had to solve this issue for a dedicated topic but nothing more then that.I thought I could at least let you know. Take care, |
Hi,
please find bellow a less vulnerable docker setup as a improvement suggestion.
It reduces theproblem from this [8C, 34H, 32M, 98L Issues]:
..> docker scout quickview
TO this [-C, 1H, 3M, 0L Issues]:
The main solution is to use alpine instead of debian::bullseye. (bookworm removed the criticals but had still quite some High vuln. issues).
Using alpine required to help playwright and pymupdf to pip install successfully, but finaly it worked out.
The app works like a charm.
Though I think the Dockerfile image layer concept might profit from some improvement as well.
Please checkout yourself, and update the dockerfile and requirements.txt for the sake of less vulnerable instances out there :o)
Reg. requirements.txt: you just have to exclude playwright and pymupdf since the pip install is done in the docker (not necessary a final requirement, but was good enough for me)
Here the DOCKERFILE:
The text was updated successfully, but these errors were encountered: