
Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable

Blog post from JFrog

Post Details
Company: JFrog
Author: Shachar Menashe, JFrog VP Security Research
Word Count: 2,728
Language: English
Summary

JFrog tested the "Contextual Analysis" feature of JFrog Xray against DockerHub's top 200 community images to measure how many of the CVEs reported by conventional scanning are actually applicable to the image they are reported on. A conventional scanner flags a CVE whenever a package at a vulnerable version is present; contextual analysis additionally checks the CVE's preconditions against the image, such as whether the vulnerable code is reachable from the application, whether a configuration setting that enables the flaw is set, and whether the running environment matches the one the flaw requires. With those checks applied, 78% of the reported CVEs were classified as non-applicable, which means that most alerts produced by traditional vulnerability detection do not require immediate action. The post argues for context-aware vulnerability management that weighs code prerequisites, configuration and runtime environment, so that remediation effort goes to the vulnerabilities that actually affect the system rather than to false positives, saving developers' time and making the security work that is done more effective.
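The following is an added example, not JFrog's or Xray's code, showing the kind of precondition check the summary describes: a conventional finding (package present at an affected version) is kept only if the vulnerable function is referenced by the application, any enabling configuration is actually set, and the platform matches. The package names, CVE-style identifiers, symbols and configuration keys are constructed placeholders for illustration.

```python
"""Toy contextual-applicability triage (added example; not JFrog's implementation).

Input: findings from a conventional SCA scan, each annotated with the
preconditions under which its vulnerable code is reachable. Output: the
findings split into applicable / not applicable with a reason per CVE.
All identifiers below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Finding:
    """One CVE reported by package-version matching, plus its preconditions."""
    cve_id: str
    package: str
    affected_versions: frozenset                        # versions the CVE applies to
    vulnerable_function: Optional[str] = None           # must be referenced by app code
    required_config: dict = field(default_factory=dict)  # key -> value that enables the bug
    required_platforms: frozenset = frozenset()         # empty means any platform


@dataclass
class ImageContext:
    """What is known about the scanned image beyond its package list."""
    installed: dict                 # package -> installed version
    referenced_symbols: frozenset   # functions the application code calls
    config: dict                    # effective runtime configuration
    platform: str


def classify(f: Finding, ctx: ImageContext):
    """Return (applicable, reason). The first check is what a plain SCA scan does;
    the remaining checks are the contextual ones that prune non-applicable CVEs."""
    version = ctx.installed.get(f.package)
    if version is None or version not in f.affected_versions:
        return False, "package absent or not at an affected version"
    if f.vulnerable_function and f.vulnerable_function not in ctx.referenced_symbols:
        return False, f"vulnerable function {f.vulnerable_function} is never called"
    for key, needed in f.required_config.items():
        actual = ctx.config.get(key)
        if actual != needed:
            return False, f"requires {key}={needed!r}, image has {actual!r}"
    if f.required_platforms and ctx.platform not in f.required_platforms:
        return False, f"only reachable on {sorted(f.required_platforms)}, image is {ctx.platform}"
    return True, "all preconditions satisfied"


def triage(findings, ctx):
    """Split findings into applicable and not-applicable lists of (cve_id, reason)."""
    report = {"applicable": [], "not_applicable": []}
    for f in findings:
        ok, why = classify(f, ctx)
        report["applicable" if ok else "not_applicable"].append((f.cve_id, why))
    return report


def non_applicable_ratio(report):
    """Fraction of reported CVEs that contextual checks ruled out."""
    total = len(report["applicable"]) + len(report["not_applicable"])
    return len(report["not_applicable"]) / total if total else 0.0


# Constructed sample image: three packages, two symbols actually used by the app.
SAMPLE_CONTEXT = ImageContext(
    installed={"libfoo": "1.2.0", "barhttp": "3.1", "bazcrypto": "0.9"},
    referenced_symbols=frozenset({"foo_parse_header", "bar_serve"}),
    config={"bar.allow_trace": False, "baz.legacy_padding": True},
    platform="linux",
)

# Constructed findings: all four would be reported by version matching alone.
SAMPLE_FINDINGS = [
    Finding("EX-CVE-0001", "libfoo", frozenset({"1.2.0"}), vulnerable_function="foo_parse_header"),
    Finding("EX-CVE-0002", "libfoo", frozenset({"1.2.0"}), vulnerable_function="foo_decompress"),
    Finding("EX-CVE-0003", "barhttp", frozenset({"3.1"}), required_config={"bar.allow_trace": True}),
    Finding("EX-CVE-0004", "bazcrypto", frozenset({"0.9"}), required_platforms=frozenset({"windows"})),
]

if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS, SAMPLE_CONTEXT)
    for bucket, items in result.items():
        print(bucket)
        for cve, why in items:
            print(f"  {cve}: {why}")
    print(f"non-applicable: {non_applicable_ratio(result):.0%}")
```

On the sample image only EX-CVE-0001 survives, since its vulnerable function is referenced by the application; the other three are pruned for an unused function, a disabled configuration switch and a non-matching platform. The practitioner caveat is that a "not applicable" verdict is only as good as the context it was computed from: reachability analysis misses dynamically dispatched or reflectively loaded code, and configuration injected at deploy time can flip a precondition, so pruned findings should be re-evaluated whenever the image, its configuration or its runtime changes.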