High number of vulnerabilities in latest docker image on docker hub

[neilbmclaughlin]

I'm being challenged by our operations team on the number of vulnerabilities (79 across high, medium and low severity) detected in a scan of the official PostgREST docker image (i.e. docker scan postgrest/postgrest).

Which is my best course of action - build my own docker image, use one of the nightly images (and if so, which one) or wait for a new latest image?

Thanks in advance.

[laurenceisla]

I think the nightly images which are built using nix and have the newly implemented features are your best choices. In particular, the newest nightly image resulted in no vulnerabilities detected when scanned. You can pull that image from the PostgREST's Docker Hub.

This is the result of the scan:

> docker scan postgrest/postgrest:nightly-2021-06-27-22-48-f3a184a

Testing postgrest/postgrest:nightly-2021-06-27-22-48-f3a184a...

Package manager:   linux
Project name:      docker-image|postgrest/postgrest
Docker image:      postgrest/postgrest:nightly-2021-06-27-22-48-f3a184a
Platform:          linux/amd64

✓ Tested postgrest/postgrest:nightly-2021-06-27-22-48-f3a184a for known vulnerabilities, no vulnerable paths found.

Note that we do not currently have vulnerability data for your image.