The default container (when I have an npm/Node.js app) that AutoDevOps uses is horribly outdated. The problem is also that these issues (which the project teams have no responsibility for) appear in the container security scanning.
Thus, this is not really useful, because all Linux CLI tool/container issues are not the responsibility of the project team.
Here is the technical support report/issue, which is still unresolved and has not even been responded to:
So what can I do now?
- If I disable container security scanning, I assume `npm audit` is also not run and these vulnerabilities are also not collected.
- If I enable it, I could only dismiss 100+ vulnerabilities, which is cumbersome.