Hacker News new | past | comments | ask | show | jobs | submit login

Docker Hub has been providing 3rd party component details for some years now. And based on my limited exposure, they've been pretty spot on in regard to what 3rd party code is included, CVEs impacting shown components (meaning they appear to mostly correctly show backported patches to otherwise vulnerable libs). See below (requires DockerHub account):

URL: https://hub.docker.com/_/node/scans/library/node/current-sli...

URL: https://hub.docker.com/_/mongo/scans/library/mongo/4.1

For node:10-jessie, this is: https://hub.docker.com/_/node/scans/library/node/10-jessie. This seems credible.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact