[druid-user] Anchore Vulnerability Scan Report on Apache Druid 0.22.1

Hello Team,

In our production system we have taken apache druid as TSDB. We have taken the latest version of apache druid 0.22.1.

While running anchore vulnerability scan on apache druid 0.22.1 container image, we observe a lot many (total 576) vulnerabilities reported.
Can you please go through the list and let us know what may be fix plan?

Attaching scan report (both in json and excel format).

Regards,
Pankaj Yadav

(Attachment anchoreengine-api-response-vulnerabilities-1.json.xlsx is missing)

(Attachment anchoreengine-api-response-vulnerabilities-1.json is missing)

I’m summarizing the version of this conversation from Slack: