Managing vulnerabilities with Docker images and NuGet packages

I had some Docker containers using the .NET 6 SDK and ASP.NET, and they started reporting security vulnerabilities in the GitHub Action “TwistLockScan”.

It was interesting to see the clear listing of the CVEs (Common Vulnerabilities and Exposures) in the pipeline log of the “TwistLockScan” (now called Prisma Cloud Scan) section.

I had to update the .NET 6 image to the latest SDK and the ASP.NET in my Dockerfiles and my critical vulnerabilities were gone.

I had to update the NuGet packages using Visual Studio (I like the simplified interface to view just packages with vulnerabilities) and my moderate vulnerabilities were gone.

How do you manage your CVEs?
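One way to make the NuGet half of this repeatable in a pipeline, as an added example that is not code from the post: a POSIX sh gate over the report printed by `dotnet list package --vulnerable`. The report text below is constructed to mimic that command's layout (package, requested, resolved, severity, advisory URL); the package names and advisory URLs are placeholders, and the `count_at_or_above` / `vuln_gate` functions are my own names.

```shell
#!/bin/sh
# Constructed sample in the shape of `dotnet list package --vulnerable --include-transitive`
# output; NOT captured from a real project. Package names and GHSA ids are placeholders.
SAMPLE_OUTPUT='The following sources were used:
   https://api.nuget.org/v3/index.json

Project `WebApp` has the following vulnerable packages
   [net6.0]:
   Top-level Package      Requested   Resolved   Severity   Advisory URL
   > Example.Top          6.0.0       6.0.0      High       https://github.com/advisories/GHSA-xxxx-placeholder

   Transitive Package     Resolved   Severity   Advisory URL
   > Example.Transitive   4.7.0      Moderate   https://github.com/advisories/GHSA-yyyy-placeholder
'

# count_at_or_above REPORT MIN_SEVERITY
# Prints how many vulnerable packages (top-level or transitive) the report lists
# at MIN_SEVERITY or worse. Package rows begin with ">"; on both row kinds the
# severity is the second-to-last field because the advisory URL is last.
count_at_or_above() {
  printf '%s\n' "$1" | awk -v minsev="$2" '
    function rank(s) {
      return (s == "Critical") ? 4 : ((s == "High") ? 3 : ((s == "Moderate") ? 2 : ((s == "Low") ? 1 : 0)))
    }
    $1 == ">" && rank($(NF - 1)) >= rank(minsev) { n++ }
    END { print n + 0 }'
}

# vuln_gate REPORT MIN_SEVERITY
# Returns 1 (fail the build) when any package at MIN_SEVERITY or worse is listed,
# 0 otherwise, so the pipeline stops until the packages are updated.
vuln_gate() {
  n=$(count_at_or_above "$1" "$2")
  if [ "$n" -gt 0 ]; then
    echo "FAIL: $n vulnerable package(s) at severity >= $2; update them and re-run the scan" >&2
    return 1
  fi
  echo "OK: no vulnerable packages at severity >= $2"
  return 0
}

# In a real pipeline (dotnet SDK 5.0.200 or later) replace SAMPLE_OUTPUT with the live report:
#   vuln_gate "$(dotnet list package --vulnerable --include-transitive 2>&1)" Moderate
vuln_gate "$SAMPLE_OUTPUT" Moderate || echo "(a CI job would stop here)"
```

Run it on the sample and the gate fails at Moderate (two packages) but passes at Critical, which is the threshold you would tune per pipeline.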

Links:

PaloAltoNetworks/prisma-cloud-scan: GitHub action to scan container images with Palo Alto Networks’ Prisma Cloud

microsoft-dotnet-sdk – Official Image | Docker Hub

microsoft-dotnet-aspnet – Official Image | Docker Hub

How to Scan NuGet Packages for Security Vulnerabilities – The NuGet Blog (microsoft.com)