Ask HN: Have you scanned your Docker images for vulnerabilies?

4 points

5 years ago

I'm a new developer, I'm mostly building and experimenting with my own things. I saw a post here a few months back about vulnerabilities in Docker images. For a while now, I've been dealing with memory problems using WSL - it eats up all of my memory, it's seemingly a common issue that's being tracked here:

https://github.com/microsoft/WSL/issues/4166

But it got me thinking - is this actually Docker running on WSL? I've had problems with Redis image just refusing to shut down - no matter how many times I call Docker compose down. Every day I would have to restart WSl just to gain some memory / performance back. Recently the windows Docker app asked me to scan my images using Snyk - a third party tool. I did that, and every single one of my images - including redis and postgres - came back with +60 critical / high severity vulnerabilities. My own images came back with hundreds of vulnerabilities. As soon as I've deleted those docker images the issues with memory hogging have basically gone.

Has anyone else done this? Is Docker actually secure? Security/deployment considerations are generally above my head - I've been thinking about dropping back to SQLite and Supervisord just so I really 'know' what I'm deploying/using. I'm interested to hear from others if they've faced similar issues with standard Docker images?