-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PrismaScan Flags Critical Issue With Private Keys #12536
Comments
Those are fake keys & certificates used for tests by the upstream source package. They also appear when you
We can't safely remove these files from the conda package without risking breaking the package itself. |
I've opened an issue with the source package |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Actual Behavior
PrismaScan:
https://vscanapidoc.redlock.io
Our company uses PrismaScan to scan container images for vulnerabilities.
The backports test module contains private keys which are causing this alert.
Expected Behavior
No security alert should be flagged as these are tests or test distributed code should not include private keys.
Steps to Reproduce
Create container image with Minconda. I am using this image in DockerHub: continuumio/miniconda3
Run PrismaScan
Anaconda or Miniconda version:
Operating System:
Docker Image:
continuumio/miniconda3:4.9.2-alpine
conda info
conda list --show-channel-urls
The text was updated successfully, but these errors were encountered: