11-01-2021 10:29 AM
We are using the provided alfresco enterprise containers to deploy Alfresco in the Azure Kubernetes Cluster.
In terms of container security we are using trivy to scan the images for vulnerabilities.
We have used trivy to scan the acs image in version 7.0.1 with following command:
trivy -d quay.io/alfresco/alfresco-content-repository:7.0.1
The result is:
quay.io/alfresco/alfresco-content-repository:7.0.1 (centos 8.4.2105)
====================================================================
Total: 337 (UNKNOWN: 0, LOW: 139, MEDIUM: 178, HIGH: 16, CRITICAL: 4)
Even the new Alfresco Content repository 7.1.0 image has several known security issues, even more than the older version.
quay.io/alfresco/alfresco-content-repository:7.1.0 (centos 7.9.2009)
====================================================================
Total: 810 (UNKNOWN: 0, LOW: 410, MEDIUM: 389, HIGH: 9, CRITICAL: 2)
Fun fact: for the newer version of ACS there is an OS downgrade to CentOS 7.9 (instead of CentOS 8.4 in acs-7.0.1), so that would explain the higher number of issues.
For me these results are not acceptable as we need to deploy a docker container of an Enterprise software on a customer platform with high and critical issues.
@angelborroy : Do you know more about the process behind Docker container updates and fixing security issues? Do you already scan your Docker images for security issues? Do you know where to submit these issues: in the GitHub project https://github.com/Alfresco/acs-packaging/ or as a support ticket?
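As an added example (not from the post, and not Alfresco's or Trivy's own code): a small Python gate that reads Trivy's JSON output for the image above, rebuilds the severity totals quoted in the post, and fails a pipeline on HIGH/CRITICAL findings while separating those that already have an upstream fix (removed by rebuilding on a patched base) from those that do not. The JSON layout (SchemaVersion 2 with Results/Vulnerabilities) and the sample findings are assumptions; the CVE ids are placeholders.

```python
"""Summarise a Trivy JSON report and gate on severity. Added example, not Alfresco's
or Trivy's code; the embedded sample is constructed and its CVE ids are placeholders.
Produce real input with: trivy image -f json -o report.json <image>"""
import json
import sys
from collections import Counter
SEVERITIES = ("UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL")
# Constructed sample in Trivy's SchemaVersion-2 JSON layout (assumed shape).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "quay.io/alfresco/alfresco-content-repository:7.0.1",
    "Results": [{"Target": "alfresco-content-repository:7.0.1 (centos 8.4.2105)",
                 "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl-libs",
         "Severity": "CRITICAL", "FixedVersion": "1.1.1k-5.el8"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "glibc",
         "Severity": "HIGH", "FixedVersion": ""},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "curl",
         "Severity": "MEDIUM", "FixedVersion": "7.61.1-22.el8"},
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "bash", "Severity": "LOW"}]}],
})
def load_sample() -> dict:
    return json.loads(SAMPLE_REPORT)

def findings(report: dict):
    """Flatten every vulnerability across all scanned targets (OS and app deps)."""
    for result in report.get("Results", []):
        yield from (result.get("Vulnerabilities") or [])

def summary_line(report: dict) -> str:
    """Rebuild Trivy's 'Total: N (UNKNOWN: .., CRITICAL: ..)' line from the JSON."""
    counts = Counter(v.get("Severity", "UNKNOWN") for v in findings(report))
    parts = ", ".join(f"{s}: {counts[s]}" for s in SEVERITIES)
    return f"Total: {sum(counts.values())} ({parts})"

def gate(report: dict, fail_on=("HIGH", "CRITICAL")) -> tuple:
    """Return (fixable, unfixed) findings that breach the policy: rebuilding on a
    patched base image only removes those that carry a FixedVersion."""
    hits = [v for v in findings(report) if v.get("Severity") in fail_on]
    return ([v for v in hits if v.get("FixedVersion")],
            [v for v in hits if not v.get("FixedVersion")])

if __name__ == "__main__":
    report = load_sample() if len(sys.argv) < 2 else json.load(open(sys.argv[1]))
    print(summary_line(report))
    fixable, unfixed = gate(report)
    for v in fixable + unfixed:
        print(v["Severity"], v["VulnerabilityID"], v["PkgName"], v.get("FixedVersion") or "no fix")
    sys.exit(1 if fixable or unfixed else 0)
```

Run it with the path to a real `report.json` as the first argument; a non-zero exit means the image carries findings above the threshold.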
11-02-2021 06:07 AM
Great @jego
I'll follow this case.
Since we are using different vulnerability tools, I guess we need to identify those reports from Trivy.
Additionally, the move from CentOS 8 to CentOS 7 was related to the CentOS 8 EOL in December 2021:
https://www.centos.org/centos-linux-eol/
11-01-2021 04:12 PM
In general, you can open issue here: https://github.com/Alfresco/acs-packaging/
@amanda_roberts or @angelborroy may be able to direct you to the correct channel to open the ticket with support and follow up.
11-02-2021 04:37 AM
Thanks for the detailed report, Jens.
We are using different tools in order to identify vulnerabilities in our Docker Images. This process is proactively used for every release, but there may be something we're missing.
Let me verify the impact of the vulnerabilities identified by Trivy and I'll be back with additional information.
11-02-2021 05:28 AM
I have also created a support case - the number is 00556732 - maybe you can have a look into it because there are some answers already from Scott.
Thx