Atlas 2.2.0, when built from source, seems to have a large number of jar
packages that suffer from known exploits / vulnerabilities. I've performed
an Anchore and a Twistlock scan of the compiled application and here's the
list of the High and Critical vulnerabilities found:

https://pastebin.com/raw/t59rcyH8

I am attempting to put together a public Docker image of Atlas compiled
from source. You can see my build process here to see how I arrived at the
compiled build that I performed the scans on:

https://github.com/589290/docker-apache-atlas-ubi8/blob/main/Dockerfile

I'm not a Java developer, but I would imagine that perhaps a different
version of Maven (I'm using 3.6.3) or an updated pom.xml that has more
current (vulnerability-free) versions of packages may help remedy my
findings.

Best Regards,
Greg
