I have started running the sample .NET 8 web API and uploaded the image to Amazon ECR. I see the following vulnerabilities being detected.

CVE list (Critical to Medium):
CVE-2023-45853
CVE-2023-31484
CVE-2023-4039

I have updated the Dockerfile to try to update the package, but I am guessing the fix is not yet available.

```dockerfile
# Runtime stage: this image is what ends up in the final stage
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
# Refreshes the package index only
RUN apt-get update
USER app
WORKDIR /app
EXPOSE 8080
EXPOSE 8081

# Build stage: SDK image, not shipped
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
RUN apt-get update
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["SampleAppNet8.csproj", "."]
RUN dotnet restore "./././SampleAppNet8.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "./SampleAppNet8.csproj" -c $BUILD_CONFIGURATION -o /app/build

# Publish stage
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./SampleAppNet8.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

# Final stage: runtime image plus the published output
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "SampleAppNet8.dll"]
```

What is the recommended way of dealing with ECR scan vulnerabilities in deployment pipelines?

You can try changing the base images to Alpine (or just the base one, because it's used as the final image, I guess):

```dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine AS runtime
```
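
For the pipeline side of the question, one way to gate a deployment on ECR scan results is sketched below. This is an added example, not part of the question or the answer above. It assumes the JSON shape returned by `aws ecr describe-image-scan-findings` for basic scanning; the `gate` function, the `accepted` list and the sample severities and package names are hypothetical.

```python
import json

# Rank per ECR severity label; a label not listed here is treated as CRITICAL (fail closed).
SEVERITY_RANK = {"INFORMATIONAL": 0, "UNDEFINED": 0, "LOW": 1,
                 "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample shaped like `aws ecr describe-image-scan-findings` output.
# CVE ids are the ones from the question; severities and package names are made up.
SAMPLE_FINDINGS = json.dumps({
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findings": [
        {"name": "CVE-2023-45853", "severity": "CRITICAL",
         "attributes": [{"key": "package_name", "value": "pkg-a"}]},
        {"name": "CVE-2023-31484", "severity": "HIGH",
         "attributes": [{"key": "package_name", "value": "pkg-b"}]},
        {"name": "CVE-2023-4039", "severity": "MEDIUM",
         "attributes": [{"key": "package_name", "value": "pkg-c"}]},
    ]},
})


def gate(findings_json, fail_at="HIGH", accepted=None):
    """Return (passed, blocking) where blocking lists findings that stop the deploy."""
    accepted = accepted or {}
    doc = json.loads(findings_json)
    status = doc.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        # An unfinished or failed scan must not count as a clean image.
        return False, [f"scan status is {status!r}, expected COMPLETE"]
    blocking = []
    for finding in doc.get("imageScanFindings", {}).get("findings", []):
        cve = finding.get("name", "<unnamed>")
        severity = finding.get("severity", "MISSING")
        if SEVERITY_RANK.get(severity, 4) < SEVERITY_RANK[fail_at]:
            continue  # below the threshold: report elsewhere, do not block
        if cve in accepted:
            continue  # documented risk acceptance, e.g. no fixed package yet
        pkg = next((a.get("value") for a in finding.get("attributes", [])
                    if a.get("key") == "package_name"), "unknown")
        blocking.append(f"{cve} [{severity}] in {pkg}")
    return not blocking, blocking


if __name__ == "__main__":
    ok, problems = gate(SAMPLE_FINDINGS,
                        accepted={"CVE-2023-31484": "no fixed package yet, review monthly"})
    print("PASS" if ok else "FAIL", problems)
    raise SystemExit(0 if ok else 1)
```

In a pipeline, replace the sample with the JSON from `aws ecr describe-image-scan-findings --repository-name <repo> --image-id imageTag=<tag>` once the scan has finished, and keep the accepted list in version control so each exception has a reviewer and a reason.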