ConScan Image Scan Dashboard

ConScan, a tool from Peek8.io, scans everything in an image!

Image Information

Image Name: ghcr.io/peek8/conscan-sample/alpine-secret:v0.1.3-alpha1
Base OS: alpine 3.22.2
Architecture: linux/amd64
Size: 13 MB
Scan Date: 2025-10-17 12:51:32 UTC
Scanner Version: ConScan v0.01.1

Critical Vulnerabilities: 0
High Vulnerabilities: 0
Exposed Secrets: 0
Installed Packages: 19
CIS Violations: 3
Storage Efficiency: 99.73%

Package Vulnerabilities
7 Total
CVE-2025-53859: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allo...
Medium
Package: nginx
Installed Version: 1.28.0-r3
Fixed Version:
CVSS Score: 6.30
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: ssl_client
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: busybox
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: busybox-binsh
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: ssl_client
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: busybox
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: busybox-binsh
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
Exposed Secrets
0 Found
CIS Benchmark Violations
3 Issues
DKL-DI-0004: Use "apk add" with --no-cache
FATAL
Use --no-cache option if use 'apk add': RUN /bin/sh -c apk update && apk add nginx # buildkit
CIS-DI-0005: Enable Content trust for Docker
INFO
export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006: Add HEALTHCHECK instruction to the container image
INFO
not found HEALTHCHECK statement
Storage Analysis
62 kB Wasted

Analysis Summary

Efficiency: 99.73%
Wasted Bytes: 62 kB
User Wasted Percent: 1.37%

Inefficient Files:

Count  Wasted Space  File Path
2      33 kB         /lib/apk/db/installed
2      26 kB         /lib/apk/db/scripts.tar
2      1.5 kB        /etc/passwd
2      1.0 kB        /etc/group
2      547 B         /etc/shadow
2      190 B         /lib/apk/db/triggers
2      154 B         /etc/apk/world

Results:

PASS highestUserWastedPercent
PASS lowestEfficiency
Result: PASS [Total:3] [Passed:2] [Failed:0] [Warn:0] [Skipped:1]
Installed Packages
19 Total
alpine-baselayout
3.7.0-r0
License: GPL-2.0-only
Description: Alpine base dir structure and init scripts
alpine-baselayout-data
3.7.0-r0
License: GPL-2.0-only
Description: Alpine base dir structure and init scripts
alpine-keys
2.5-r0
License: MIT
Description: Public keys for Alpine Linux packages
alpine-release
3.22.2-r0
License: MIT
Description: Alpine release data
apk-tools
2.14.9-r3
License: GPL-2.0-only
Description: Alpine Package Keeper - package manager for alpine
busybox
1.37.0-r19
License: GPL-2.0-only
Description: Size optimized toolbox of many common UNIX utilities
busybox-binsh
1.37.0-r19
License: GPL-2.0-only
Description: busybox ash /bin/sh
ca-certificates-bundle
20250911-r0
License: (MPL-2.0 AND MIT)
Description: Pre generated bundle of Mozilla certificates
ghcr.io/peek8/conscan-sample/alpine-secret
v0.1.3-alpha1
License: NOASSERTION
Description: -
Source: NOASSERTION
libapk2
2.14.9-r3
License: GPL-2.0-only
Description: Alpine Package Keeper - package manager for alpine
libcrypto3
3.5.4-r0
License: Apache-2.0
Description: Crypto library from openssl
libssl3
3.5.4-r0
License: Apache-2.0
Description: SSL shared libraries
musl
1.2.5-r10
License: MIT
Description: the musl c library (libc) implementation
musl-utils
1.2.5-r10
License: (MIT AND BSD-2-Clause AND GPL-2.0-or-later)
Description: the musl c library (libc) implementation
nginx
1.28.0-r3
License: BSD-2-Clause
Description: HTTP and reverse proxy server (stable version)
pcre2
10.43-r1
License: BSD-3-Clause
Description: Perl-compatible regular expression library
scanelf
1.3.8-r1
License: GPL-2.0-only
Description: Scan ELF binaries for stuff
ssl_client
1.37.0-r19
License: GPL-2.0-only
Description: External ssl_client for busybox wget
zlib
1.3.1-r2
License: Zlib
Description: A compression/decompression Library