When we run twist lock on ibm-cos-sdk package it complains about public-encrypt
A quick npm list shows it is coming from ibm-cos-sdk package
npm list public-encrypt └─┬ ibm-cos-sdk@1.11.0 └─┬ crypto-browserify@3.12.0 └── public-encrypt@4.0.3
More info:
`Type: compliance
Sev.: high
Description: Private keys stored in image
Found: /opt/app-root/node_modules/public-encrypt/test/1024.priv, /opt/app-root/node_modules/public-encrypt/test/ec.pass.priv, /opt/app-root/node_modules/public-encrypt/test/ec.priv, /opt/app-root/node_modules/public-encrypt/test/pass.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.2028.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.pass.priv, /opt/app-root/node_modules/public-encrypt/test/test_key.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey_encrypted.pem
Images affected:`
When we run twist lock on ibm-cos-sdk package it complains about public-encrypt
A quick npm list shows it is coming from ibm-cos-sdk package
npm list public-encrypt └─┬ ibm-cos-sdk@1.11.0 └─┬ crypto-browserify@3.12.0 └── public-encrypt@4.0.3More info:
`Type: compliance
Sev.: high
Description: Private keys stored in image
Found: /opt/app-root/node_modules/public-encrypt/test/1024.priv, /opt/app-root/node_modules/public-encrypt/test/ec.pass.priv, /opt/app-root/node_modules/public-encrypt/test/ec.priv, /opt/app-root/node_modules/public-encrypt/test/pass.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.2028.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.pass.priv, /opt/app-root/node_modules/public-encrypt/test/test_key.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey_encrypted.pem
Images affected:`