Vulnerabilities in SecureCodingDojo

[swiru95]

Hello,

I am not sure what's going on with this project but it would be good to recompose the docker.io image with latest dependencies.
There is a lot of issues that came from DAST/SAST and it does not look good for OWASP and security project to claim one and
provide other. If the project is not maintained - please archive and close it.

[paul-ion]

@swiru95 my recommendation is to build the docker image from source instead of pulling from Docker Hub.

[paul-ion]

PS: There were several dependencies updated in #162
Also instructions on deploying with Docker Compose can be found on the wiki: https://github.com/OWASP/SecureCodingDojo/wiki/Deploying-with-Docker#docker-setup

OS and npm dependencies are also updated at build time.

[swiru95]

Of course - security 👯

Isnt publicly hosting and providing vulnerable image security bad practice?
What's the problem of creating CI/CD that will update the docker?