So, I'm basically pulling the base images of the certain OS, and hardening them to reload onto another registry. When I pull the image and harden and push, under CI Scans of (Gitlab) of my pipeline. I don't get any CVEs. But when I pull the same image which I pushed to the last registry and run the ci scan with only a docker file which contains only
`FROM (hardened-image)` I'm getting vulnerabilities, I do not understand what is happening and why it is happening, can someone help me?
... View more